CVE-2012-4088

The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 5.5 / Impact : 4.9

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/54682
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4088	Vendor Advisory
http://www.securitytracker.com/id/1029102	Third Party Advisory VDB Entry
http://secunia.com/advisories/54682
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4088	Vendor Advisory
http://www.securitytracker.com/id/1029102	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:h:cisco:unified_computing_system:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-09-26 14:16

Updated : 2025-04-11 00:51

NVD link : CVE-2012-4088

Mitre link : CVE-2012-4088

CVE.ORG link : CVE-2012-4088

JSON object : View

Products Affected

cisco

unified_computing_system

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2012-4088", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 5.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-09-26T14:16:22.047", "references": [{"url": "http://secunia.com/advisories/54682", "source": "psirt@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4088", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}, {"url": "http://www.securitytracker.com/id/1029102", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@cisco.com"}, {"url": "http://secunia.com/advisories/54682", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4088", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1029102", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769."}, {"lang": "es", "value": "El servidor FTP en Cisco Unified Computing System (UCS) tiene una contrase\u00f1a incrustada para una cuenta espec\u00edfica de usuario, lo cual facilita a los atacantes remotos leer o modificar ficheros mediante el aprovechamiento del conocimiento de esta clave, aka Bug ID CSCtg20769."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_computing_system:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "301FBC67-7946-479D-ACC5-D54CBD698291"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@cisco.com"}