exploitDog

CVE-2012-4072

Опубликовано: 20 сент. 2013

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, by leveraging knowledge of this certificate's private key, aka Bug ID CSCte90327.

Ссылки

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4072
Vendor Advisory
http://www.securitytracker.com/id/1029067
Third Party Advisory
VDB Entry
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4072
Vendor Advisory
http://www.securitytracker.com/id/1029067
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:h:cisco:unified_computing_system:-:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.00181

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-ph23-3mhm-w392

github

больше 3 лет назад

The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, by leveraging knowledge of this certificate's private key, aka Bug ID CSCte90327.

EPSS

Процентиль: 40%

0.00181

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-20