Cisco Unified Computing System Cisco Management Controller Denial of Service Vulnerability (CSCtg20734)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

A vulnerability in the Cisco Management Controller of the Cisco Unified
Computing System could allow an authenticated, local attacker to trigger
a denial of service (DoS) condition.

The vulnerability is due to improper parameter input validation. An
attacker could exploit this vulnerability by providing invalid
parameters to the MCTools application, causing the MCServer application
to terminate. A successful exploit could allow the attacker to trigger
a DoS condition.

See also :

http://www.nessus.org/u?21ef46bf

Solution :

Apply the relevant patch referenced in Cisco Bug Id CSCtg20734.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C)
CVSS Temporal Score : 3.8
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 72487 ()

Bugtraq ID: 62488

CVE ID: CVE-2012-4081