CVE-2012-4092
Description
The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers to read or modify an inter-device data stream by spoofing an identity, aka Bug ID CSCtk00683.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco UCS Central Software management interface fails to validate vCenter console identities, enabling MITM attacks on inter-device data streams.
Vulnerability
The management interface in the Central Software component of Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles. This allows man-in-the-middle attackers to spoof a vCenter identity and access the inter-device data stream. Affected versions are not specified in the available reference [1], but the bug is tracked as CSCtk00683.
Exploitation
An attacker must be in a man-in-the-middle position on the network between the UCS management interface and a vCenter console. The attacker spoofs the identity of a legitimate vCenter, thereby gaining the ability to intercept or modify the data stream between the devices.
Impact
Successful exploitation allows the attacker to read or modify the inter-device data stream, potentially leading to disclosure of sensitive information or manipulation of UCS management operations.
Mitigation
As of the publication date, no mitigation details have been disclosed in the available reference [1]. It is recommended to consult the Cisco Security Advisory for updates on fixes or workarounds.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- cpe:2.3:h:cisco:unified_computing_system:-:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.