Vulnerability Description
The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by leveraging knowledge of this key, aka Bug ID CSCte90338.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Computing System | - |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4074Vendor Advisory
- http://www.securitytracker.com/id/1029073Third Party AdvisoryVDB Entry
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4074Vendor Advisory
- http://www.securitytracker.com/id/1029073Third Party AdvisoryVDB Entry
FAQ
What is CVE-2012-4074?
CVE-2012-4074 is a vulnerability with a CVSS score of 5.8 (MEDIUM). The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obta...
How severe is CVE-2012-4074?
CVE-2012-4074 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4074?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Computing System.