The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via SSH port forwarding, aka Bug ID CSCtg17656.
Weakness
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Unified_computing_system | Cisco | 1.0(2k) (including) | 1.0(2k) (including) |
| Unified_computing_system | Cisco | 1.0_base (including) | 1.0_base (including) |
| Unified_computing_system | Cisco | 1.1(1m) (including) | 1.1(1m) (including) |
| Unified_computing_system | Cisco | 1.1_base (including) | 1.1_base (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/114.html
- https://cwe.mitre.org/data/definitions/115.html
- https://cwe.mitre.org/data/definitions/151.html
- https://cwe.mitre.org/data/definitions/194.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/57.html
- https://cwe.mitre.org/data/definitions/593.html
- https://cwe.mitre.org/data/definitions/633.html
- https://cwe.mitre.org/data/definitions/650.html
- https://cwe.mitre.org/data/definitions/94.html
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4078
- http://www.securitytracker.com/id/1029084
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87367
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4078
- http://www.securitytracker.com/id/1029084
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87367