1. Home
  2. CVE Database
  3. CVE-2013-1186
HIGH · 7.5

CVE-2013-1186

Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated Management...

Vulnerability Description

Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated Management Controller (IMC), aka Bug ID CSCts53746.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
CiscoUnified Computing System Infrastructure And Unified Computing System Software1.0
CiscoUnified Computing System 6120Xp Fabric Interconnect-
CiscoUnified Computing System 6140Xp Fabric Interconnect-
CiscoUnified Computing System 6248Up Fabric Interconnect-
CiscoUnified Computing System 6296Up Fabric Interconnect-
CiscoUnified Computing System Integrated Management Controller-

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2013-1186?

CVE-2013-1186 is a vulnerability with a CVSS score of 7.5 (HIGH). Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated Management...

How severe is CVE-2013-1186?

CVE-2013-1186 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-1186?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Computing System Infrastructure And Unified Computing System Software, Cisco Unified Computing System 6120Xp Fabric Interconnect, Cisco Unified Computing System 6140Xp Fabric Interconnect, Cisco Unified Computing System 6248Up Fabric Interconnect, Cisco Unified Computing System 6296Up Fabric Interconnect.