CVE-2012-4072
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
20/09/2013
Last modified:
23/09/2016
Description
The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, by leveraging knowledge of this certificate's private key, aka Bug ID CSCte90327.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:h:cisco:unified_computing_system:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page