CVE-2012-4089
medium
CVSS v3
—
CVSS v2
6.6
VIR risk
6.6
Description
MCTOOLS in the fabric interconnect in Cisco Unified Computing System (UCS) allows local users to execute arbitrary Baseboard Management Controller (BMC) commands by leveraging (1) local, (2) shell-level, or (3) debug-level privileges at the operating-system layer, aka Bug ID CSCtg76239.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4089
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4089
- http://www.securitytracker.com/id/1029082
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87369
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4089
- http://www.securitytracker.com/id/1029082
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87369
CWEs
CWE-20
Verify integrity in audit chain (admin only). AS-IS.