var-201309-0013
Vulnerability from variot
The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769. Vendors have confirmed this vulnerability Bug ID CSCtg20769 It is released as.A third party may use hard-coded password information to read or edit the file. Cisco Unified Computing System is prone to a security-bypass vulnerability. Exploiting this issue could allow an attacker to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug ID CSCtg20769. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201309-0013",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified computing system 1.4",
"scope": null,
"trust": 2.4,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system software",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "62652"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004331"
},
{
"db": "NVD",
"id": "CVE-2012-4088"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-473"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:unified_computing_system:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4088"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "62652"
}
],
"trust": 0.3
},
"cve": "CVE-2012-4088",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-4088",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-57369",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-4088",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201309-473",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-57369",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57369"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004331"
},
{
"db": "NVD",
"id": "CVE-2012-4088"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-473"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769. Vendors have confirmed this vulnerability Bug ID CSCtg20769 It is released as.A third party may use hard-coded password information to read or edit the file. Cisco Unified Computing System is prone to a security-bypass vulnerability. \nExploiting this issue could allow an attacker to bypass certain security restrictions and perform unauthorized actions. \nThis issue is being tracked by Cisco Bug ID CSCtg20769. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4088"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004331"
},
{
"db": "BID",
"id": "62652"
},
{
"db": "VULHUB",
"id": "VHN-57369"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4088",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "54682",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1029102",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004331",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201309-473",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20130925 CISCO UNIFIED COMPUTING SYSTEM FTP USER VULNERABILITY",
"trust": 0.6
},
{
"db": "BID",
"id": "62652",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-57369",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57369"
},
{
"db": "BID",
"id": "62652"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004331"
},
{
"db": "NVD",
"id": "CVE-2012-4088"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-473"
}
]
},
"id": "VAR-201309-0013",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-57369"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:38:31.041000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco Unified Computing System FTP User Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4088"
},
{
"title": "30998",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=30998"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004331"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57369"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004331"
},
{
"db": "NVD",
"id": "CVE-2012-4088"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-4088"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1029102"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/54682"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4088"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4088"
},
{
"trust": 0.3,
"url": "http://www.cisco.com"
},
{
"trust": 0.3,
"url": "http://software.cisco.com/download/navigator.html?mdfid=281787278"
},
{
"trust": 0.3,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=30998"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57369"
},
{
"db": "BID",
"id": "62652"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004331"
},
{
"db": "NVD",
"id": "CVE-2012-4088"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-473"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-57369"
},
{
"db": "BID",
"id": "62652"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004331"
},
{
"db": "NVD",
"id": "CVE-2012-4088"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-473"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-26T00:00:00",
"db": "VULHUB",
"id": "VHN-57369"
},
{
"date": "2013-09-25T00:00:00",
"db": "BID",
"id": "62652"
},
{
"date": "2013-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004331"
},
{
"date": "2013-09-26T14:16:22.047000",
"db": "NVD",
"id": "CVE-2012-4088"
},
{
"date": "2013-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-473"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-22T00:00:00",
"db": "VULHUB",
"id": "VHN-57369"
},
{
"date": "2013-09-28T00:14:00",
"db": "BID",
"id": "62652"
},
{
"date": "2013-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004331"
},
{
"date": "2016-09-22T17:16:26.090000",
"db": "NVD",
"id": "CVE-2012-4088"
},
{
"date": "2013-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-473"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-473"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Unified Computing System of FTP Server read vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004331"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-473"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.