Executive Summary
Summary | |
---|---|
Title | Cisco UCS Director Default Credentials Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20140219-ucsd | First vendor Publication | 2014-02-19 |
Vendor | Cisco | Last vendor Modification | 2014-02-19 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in Cisco Unified Computing System (UCS) Director could allow an unauthenticated, remote attacker to take complete control of the affected device. The vulnerability is due to a default root user account created during installation. An attacker could exploit this vulnerability by accessing the server command-line interface (CLI) remotely using the default account credentials. An exploit could allow the attacker to log in with the default credentials, which provide full administrative rights to the system. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.20 (Darwin) iF4EAREKAAYFAlMEtOsACgkQUddfH3/BbTrerwD9F9frFRfdIPKHUxFOVSdCWw48 nYMwynXoUtbiTFxpPTwA/A1wg6tWwHyIg3OGrhLzxoMxGQzBlk1QfxxaXORde2I8 =zBK2 END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-255 | Credentials Management |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 |
Alert History
Date | Informations |
---|---|
2014-02-24 21:26:33 |
|
2014-02-19 21:19:40 |
|