CVE-2012-4084

Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCtg20755.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/98125
http://secunia.com/advisories/55203
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4084	Vendor Advisory
http://www.securityfocus.com/bid/62851	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/87679
http://osvdb.org/98125
http://secunia.com/advisories/55203
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4084	Vendor Advisory
http://www.securityfocus.com/bid/62851	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/87679

Configurations

Configuration 1 (hide)

cpe:2.3:h:cisco:unified_computing_system:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:42

Type	Values Removed	Values Added
References	~~() http://osvdb.org/98125 -~~	() http://osvdb.org/98125 -
References	~~() http://secunia.com/advisories/55203 -~~	() http://secunia.com/advisories/55203 -
References	~~() http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4084 - Vendor Advisory~~	() http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4084 - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/62851 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/62851 - Third Party Advisory, VDB Entry
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/87679 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/87679 -

Information

Published : 2013-10-05 10:55

Updated : 2024-11-21 01:42

NVD link : CVE-2012-4084

Mitre link : CVE-2012-4084

CVE.ORG link : CVE-2012-4084

JSON object : View

Products Affected

cisco

unified_computing_system

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2012-4084", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-10-05T10:55:03.290", "references": [{"url": "http://osvdb.org/98125", "source": "ykramarz@cisco.com"}, {"url": "http://secunia.com/advisories/55203", "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4084", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/62851", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87679", "source": "ykramarz@cisco.com"}, {"url": "http://osvdb.org/98125", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/55203", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4084", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/62851", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87679", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCtg20755."}, {"lang": "es", "value": "Vulnerabilidad de CSRF en la interfaz web-management del componente interconectador de f\u00e1brica (FI) en Cisco Unified Computing System (UCS) permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios, tambi\u00e9n conocido como Bug ID CSCtg20755."}], "lastModified": "2024-11-21T01:42:11.263", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_computing_system:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "301FBC67-7946-479D-ACC5-D54CBD698291"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}