製品・ソフトウェアに関する情報

JVN脆弱性詳細

Cisco Unified Computing System の Blade Management Controller における有効なユーザ名を列挙される脆弱性

Title	Cisco Unified Computing System の Blade Management Controller における有効なユーザ名を列挙される脆弱性
Summary	Cisco Unified Computing System (UCS) の Blade Management Controller の Intelligent Platform Management Interface (IPMI) の実装には、有効なユーザ名を列挙される脆弱性が存在します。ベンダは、本脆弱性を Bug ID CSCtg20761 として公開しています。
Possible impacts	第三者により、IPMI インターフェースのレスポンスを観察されることで、有効なユーザ名を列挙される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Sept. 24, 2013, midnight
Registration Date	Sept. 26, 2013, 11:47 a.m.
Last Update	Sept. 26, 2013, 11:47 a.m.

Affected System

シスコシステムズ

Cisco Unified Computing System

Cisco Unified Computing System ソフトウェア 2.2 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-4085	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4085
National Vulnerability Database (NVD)
2	CVE-2012-4085	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4085

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
Cisco Security Notice
1	Cisco Unified Computing System Blade Management Controller Information Disclosure Vulnerability	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4085
Vulnerability Alert
2	30962	http://tools.cisco.com/security/center/viewAlert.x?alertId=30962

Change Log

No	Changed Details	Date of change
0	[2013年09月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-4085

Summary	The Intelligent Platform Management Interface (IPMI) implementation in the Blade Management Controller in Cisco Unified Computing System (UCS) allows remote attackers to enumerate valid usernames by observing IPMI interface responses, aka Bug ID CSCtg20761.
Publication Date	Sept. 24, 2013, 7:35 p.m.
Registration Date	Jan. 28, 2021, 3:02 p.m.
Last Update	Nov. 21, 2024, 10:42 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:h:cisco:unified_computing_system:-:::::::*

Related information, measures and tools

No	URL	タグ
1	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4085	Vendor Advisory
2	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4085	Vendor Advisory
3	http://www.securitytracker.com/id/1029081	Third Party Advisory VDB Entry
4	http://www.securitytracker.com/id/1029081	Third Party Advisory VDB Entry
5	https://exchange.xforce.ibmcloud.com/vulnerabilities/87372
6	https://exchange.xforce.ibmcloud.com/vulnerabilities/87372

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html