CVE-2012-4117

Cisco Unified Computing System - Man-in-the-Middle Attack via Improper X.509 Certificate Validation

Title source: llm
STIX 2.1

Description

The fabric-interconnect component in Cisco Unified Computing System (UCS) does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic or modify this traffic via a crafted certificate, aka Bug ID CSCtr73033.

References (1)

Core 1
Core References

Scores

EPSS 0.0053
EPSS Percentile 40.9%

Details

CWE
CWE-20
Status published
Products (1)
cisco/unified_computing_system
Published Oct 19, 2013
Tracked Since Feb 18, 2026