Skip to main content

Unified Computing System Infrastructure And Unified Computing System Software CVE-2013-1186

HIGH
Improper Authentication (CWE-287)
2013-04-25 psirt@cisco.com
7.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Apr 25, 2013 - 10:55 cve.org
HIGH 7.5

DescriptionCVE.org

Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated Management Controller (IMC), aka Bug ID CSCts53746.

AnalysisAI

Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated Management Controller (IMC), aka Bug ID CSCts53746. Affected products include: Cisco Unified Computing System Infrastructure And Unified Computing System Software, Cisco Unified Computing System 6120Xp Fabric Interconnect, Cisco Unified Computing System 6140Xp Fabric Interconnect, Cisco Unified Computing System 6248Up Fabric Interconnect, Cisco Unified Computing System 6296Up Fabric Interconnect. Version information: before 1.4.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

CVE-2013-1183 CRITICAL
10.0 Apr 25

Buffer overflow in the Intelligent Platform Management Interface (IPMI) functionality in the Manager component in Cisco

CVE-2013-1185 CRITICAL
9.3 Apr 25

The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x before 2.0(2m) allows rem

CVE-2013-1182 CRITICAL
9.3 Apr 25

The login page in the Web Console in the Manager component in Cisco Unified Computing System (UCS) before 1.0(2h), 1.1 b

CVE-2013-1178 HIGH
8.3 Apr 25

Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x

CVE-2013-1184 HIGH
7.8 Apr 25

The management API in the XML API management service in the Manager component in Cisco Unified Computing System (UCS) 1.

CVE-2013-1181 HIGH
7.8 Apr 25

Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(3)U3(2), and Unified

CVE-2014-3261 HIGH
7.6 May 26

Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing

CVE-2012-1339 MEDIUM
5.0 Aug 06

The Fabric Interconnect component in Cisco Unified Computing System (UCS) 2.0 allows remote attackers to cause a denial

CVE-2012-1365 MEDIUM
4.0 Aug 06

Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote authenticated users to cause a denial of service (device

CVE-2012-1364 MEDIUM
4.0 Aug 06

Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote authenticated users to cause a denial of service (device

Share

CVE-2013-1186 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy