Vulnerability Details : CVE-2013-1186
Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated Management Controller (IMC), aka Bug ID CSCts53746.
Vulnerability category: BypassGain privilege
Products affected by CVE-2013-1186
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 2.0(1q)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:2.0\(1q\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.4(1j)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\(1j\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 2.0(1w)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:2.0\(1w\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.4(3l)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\(3l\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.4(3i)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\(3i\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.4(1m)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\(1m\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.3(1y)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\(1y\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.0(2k)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.0\(2k\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.1(1m)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.1\(1m\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.2(1)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.2\(1\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.2cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.2:*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 2.0(1t)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:2.0\(1t\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.3(1p)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\(1p\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.3(1n)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\(1n\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.3(1w)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\(1w\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.3(1q)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\(1q\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.4(3q)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\(3q\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.2(1d)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.2\(1d\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.2(1a)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.2\(1a\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.1cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.1:*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.3(1o)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\(1o\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.4(3y)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\(3y\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.4(3u)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\(3u\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 2.0(1s)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:2.0\(1s\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.3(1m)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\(1m\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.3(1c)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\(1c\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.3(1t)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.3\(1t\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.4(3s)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\(3s\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.4(3m)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.4\(3m\):*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 1.0cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:1.0:*:*:*:*:*:*:*
- Cisco » Unified Computing System Infrastructure And Unified Computing System Software » Version: 2.0(1x)cpe:2.3:o:cisco:unified_computing_system_infrastructure_and_unified_computing_system_software:2.0\(1x\):*:*:*:*:*:*:*
- cpe:2.3:h:cisco:unified_computing_system_6296up_fabric_interconnect:-:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:unified_computing_system_6248up_fabric_interconnect:-:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:unified_computing_system_6140xp_fabric_interconnect:-:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:unified_computing_system_6120xp_fabric_interconnect:-:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:unified_computing_system_integrated_management_controller:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-1186
0.52%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 77 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-1186
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2013-1186
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1186
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti
Multiple Vulnerabilities in Cisco Unified Computing SystemVendor Advisory
Jump to