Home

CVE-2012-4072

Description

The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, by leveraging knowledge of this certificates private key, aka Bug ID CSCte90327.

Risk Information

Base Score
5.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.181

Associated Vulnerability

VulnerabilityOS Platform
Cisco Unified Computing System Software KVM Encryption Vulnerability For Cisco Unified Computing SystemNCM
Improper Input Validation Vulnerability (CVE-2012-4072)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1706036Security Update for Cisco Unified Computing System 3.2(1d)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234