CVE-2012-4073 - Vulnerability Details - OpenCVE

The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Unified Computing System

Configuration 1 [-]

cpe:2.3:h:cisco:unified_computing_system:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4073
http://www.securitytracker.com/id/1029068

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2013-09-20T16:00:00

Updated: 2024-08-06T20:28:06.916Z

Reserved: 2012-07-31T00:00:00

Link: CVE-2012-4073

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-09-20T16:55:07.690

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-4073

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-09-17T00:00:00", "descriptions": [{"lang": "en", "value": "The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-10-24T09:00:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1029068", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1029068"}, {"name": "20130917 Cisco Unified Computing System Software KVM Client Certificate Validation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4073"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2012-4073", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1029068", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029068"}, {"name": "20130917 Cisco Unified Computing System Software KVM Client Certificate Validation Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4073"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:28:06.916Z"}, "title": "CVE Program Container", "references": [{"name": "1029068", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1029068"}, {"name": "20130917 Cisco Unified Computing System Software KVM Client Certificate Validation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4073"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2012-4073", "datePublished": "2013-09-20T16:00:00", "dateReserved": "2012-07-31T00:00:00", "dateUpdated": "2024-08-06T20:28:06.916Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_computing_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "301FBC67-7946-479D-ACC5-D54CBD698291", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332."}, {"lang": "es", "value": "El subsistema KVM (en el cliente) de Cisco Unified Computing System (UCS) no verifica apropiadamente los certificados X.509 desde servidores SSL, lo que permite a atacantes man-in-the-middle falsear servidores, y leer o modificar datos del KVM, a trav\u00e9s de certificados manipulados. Tambien conocido como Bug ID CSCte90332."}], "id": "CVE-2012-4073", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-09-20T16:55:07.690", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4073"}, {"source": "psirt@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1029068"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4073"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1029068"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}