Cisco Unified Computing System Smart Call Home Input Validation Vulnerability (CSCtl00186)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

A vulnerability in Cisco Unified Computing System (UCS) Manager could
allow an authenticated, local attacker to trigger a denial of service
(DoS) condition.

The vulnerability is due to improper input validation. An attacker
could exploit this vulnerability by configuring an invalid contact
address for the Smart Call Home functionality. Successful exploitation
could allow the attacker to trigger a DoS condition.

See also :

http://www.nessus.org/u?3826e72d

Solution :

Apply the relevant patch referenced in Cisco Bug Id CSCtl00186.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C)
CVSS Temporal Score : 3.8
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 72559 ()

Bugtraq ID: 62456

CVE ID: CVE-2012-4093