CVE-2012-4089

Cisco Unified Computing System - Unauthenticated Arbitrary BMC Command Execution via MCTOOLS

Title source: llm
STIX 2.1

Description

MCTOOLS in the fabric interconnect in Cisco Unified Computing System (UCS) allows local users to execute arbitrary Baseboard Management Controller (BMC) commands by leveraging (1) local, (2) shell-level, or (3) debug-level privileges at the operating-system layer, aka Bug ID CSCtg76239.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029082
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/87369

Scores

EPSS 0.0032
EPSS Percentile 23.8%

Details

CWE
CWE-20
Status published
Products (1)
cisco/unified_computing_system
Published Sep 24, 2013
Tracked Since Feb 18, 2026