CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-4114
https://notcve.org/view.php?id=CVE-2012-4114
The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72949. El módulo fabric-interconnet de KVM en Cisco Unified Computing System (UCS) no cifra los datos de vídeo, lo que permite a atacantes man-in-the-middle ver contenidos de pantalla KVM por inspección de la red o modificar este tráfico mediante la inserción de paquetes en el flujo de datos cliente-servidor, ID CSCtr72949 aka Bug. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4114 • CWE-310: Cryptographic Issues •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-4117
https://notcve.org/view.php?id=CVE-2012-4117
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic or modify this traffic via a crafted certificate, aka Bug ID CSCtr73033. El componente frabric-interconnect en Cisco Unified Computing System (UCS) no comprueba correctamente los certificados X.509, lo que permite a atacantes man-in-the-middle para ver el tráfico SSL del canal de video KVM SSL o modificar este tráfico a través de un certificado manipulado, también conocido como Bug ID CSCtr73033. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4117 • CWE-20: Improper Input Validation •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2012-4113
https://notcve.org/view.php?id=CVE-2012-4113
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interface, aka Bug ID CSCtr43374. El componente fabric-interconnect en Cisco Unified Computing System (UCS) permite a usuarios locales obtener privilegios y leer archivos de forma arbitraria a traves de parametros de comando manipulados en el interface de línea de comandos, tambien conocido como Bug ID CSCtr43374. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4113 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2012-4116
https://notcve.org/view.php?id=CVE-2012-4116
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete the authentication process for a server connection, by sniffing the network, aka Bug ID CSCtr72970. El componente fabric-interconnect de Cisco Unified Computing System (UCS) no cifra el tráfico de medios KVM, lo que permite a atacantes remotos obtener información sensible, y posteriormente completar el proceso de autenticación para una conexión con el servidor, mediante la monitorización del tráfico de red, aka Bug ID CSCtr72970. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4116 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-4112
https://notcve.org/view.php?id=CVE-2012-4112
The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the command-line interface, aka Bug ID CSCtr43330. El controlador Baseboard Management (BMC) en Cisco Unified Computing System (UCS) permite a usuarios locales conseguir privilegios y ejecutar comandos de forma arbitraria a traves de parámetros de comando manipulados en la interaface línea de comandos, tambien conocido como Bug ID CSCtr43330. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4112 • CWE-264: Permissions, Privileges, and Access Controls •