exploitDog

CVE-2012-4073

Опубликовано: 20 сент. 2013

Источник: nvd

CVSS2: 5.8

EPSS Низкий

Описание

The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332.

Ссылки

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4073
Vendor Advisory
http://www.securitytracker.com/id/1029068
Third Party Advisory
VDB Entry
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4073
Vendor Advisory
http://www.securitytracker.com/id/1029068
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:h:cisco:unified_computing_system:-:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00176

Низкий

5.8 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

GHSA-v95v-4f76-8wgq

github

больше 3 лет назад

The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332.

EPSS

Процентиль: 39%

0.00176

Низкий

5.8 Medium

CVSS2

Дефекты

CWE-310