Cisco Unified Computing System Blade Management Controller Information Disclosure Vulnerability

2013-09-24T19:10:55
ID CISCO-SA-20130924-CVE-2012-4085
Type cisco
Reporter Cisco
Modified 2013-09-24T19:10:17

Description

A vulnerability in the Intelligent Platform Management Interface (IPMI) of the Cisco Unified Computing System Blade Management Controller could allow an unauthenticated, remote attacker to discover valid usernames.

The vulnerability is due to a requirement defined in the IPMI specification. An attacker could exploit this vulnerability by enumerating a list of usernames. A successful exploit could allow the attacker to determine valid usernames based on the responses provided by the IPMI interface.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.