CVE-2012-4074 - The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Comput

CVE-2012-4074

Summary

The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by leveraging knowledge of this key, aka Bug ID CSCte90338.

References

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4074
http://www.securitytracker.com/id/1029073

Vulnerable Configurations

cpe:2.3:h:cisco:unified_computing_system:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_computing_system:-:*:*:*:*:*:*:*

CVSS

Base:	5.8 (as of 23-09-2016 - 16:22)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:N

refmap via4

cisco	20130917 Cisco Unified Computing System Serial over LAN Static Private Key Vulnerability
sectrack	1029073

Last major update

23-09-2016 - 16:22

Published

20-09-2013 - 16:55

Last modified

23-09-2016 - 16:22