Vulnerability Description
The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers to read or modify an inter-device data stream by spoofing an identity, aka Bug ID CSCtk00683.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Computing System | - |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/55034
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4092Vendor Advisory
- http://secunia.com/advisories/55034
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4092Vendor Advisory
FAQ
What is CVE-2012-4092?
CVE-2012-4092 is a vulnerability with a CVSS score of 5.8 (MEDIUM). The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers...
How severe is CVE-2012-4092?
CVE-2012-4092 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4092?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Computing System.