CVE-2016-1404

Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic to an Autosupport server and leveraging knowledge of this key from another installation, aka Bug ID CSCur85504.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160524-ucs-inv	Vendor Advisory
http://www.securitytracker.com/id/1035957

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:ucs_invicta_c3124sa_appliance:4.3.1:::::::*
	cpe:2.3:a:cisco:ucs_invicta_c3124sa_appliance:4.3_base:::::::*
	cpe:2.3:a:cisco:ucs_invicta_c3124sa_appliance:4.5.0:::::::*
	cpe:2.3:a:cisco:ucs_invicta_c3124sa_appliance:4.5_base:::::::*
	cpe:2.3:a:cisco:ucs_invicta_c3124sa_appliance:5.0.1:::::::*
	cpe:2.3:a:cisco:ucs_invicta_c3124sa_appliance:5.0_base:::::::*

History

No history.

Information

Published : 2016-05-29 22:59

Updated : 2023-12-10 11:46

NVD link : CVE-2016-1404

Mitre link : CVE-2016-1404

CVE.ORG link : CVE-2016-1404

JSON object : View

Products Affected

cisco

ucs_invicta_c3124sa_appliance

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2016-1404", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2016-05-29T22:59:00.123", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160524-ucs-inv", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1035957", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic to an Autosupport server and leveraging knowledge of this key from another installation, aka Bug ID CSCur85504."}, {"lang": "es", "value": "Cisco UCS Invicta 4.3, 4.5, y 5.0.1 en los dispositivos Invicta e Invicta Scaling System usan el mismo cifrado de clave GnuPG embebido en diferentes instalaciones de clientes, lo que permite a atacantes remotos vencer los mecanismos de protecci\u00f3n criptogr\u00e1fica rastreando el tr\u00e1fico de red en un servidor Autosupport y aprovechando el conocimiento de esta clave proveniente de otra instalaci\u00f3n, tambi\u00e9n conocido como Bug ID CSCur85504."}], "lastModified": "2016-12-01T03:05:34.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:ucs_invicta_c3124sa_appliance:4.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CE7EF76-5703-438F-BB38-0B9F0B610C70"}, {"criteria": "cpe:2.3:a:cisco:ucs_invicta_c3124sa_appliance:4.3_base:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18684778-9B96-4C59-906A-1FD3E4FF72BE"}, {"criteria": "cpe:2.3:a:cisco:ucs_invicta_c3124sa_appliance:4.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6A23920-C12D-4C4E-BD11-806978FC53BC"}, {"criteria": "cpe:2.3:a:cisco:ucs_invicta_c3124sa_appliance:4.5_base:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1467FD97-316D-4475-AD81-4DBBAA57F7FE"}, {"criteria": "cpe:2.3:a:cisco:ucs_invicta_c3124sa_appliance:5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B381FC04-9CB1-4B91-945D-315591A2D112"}, {"criteria": "cpe:2.3:a:cisco:ucs_invicta_c3124sa_appliance:5.0_base:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DB50F72-5054-4934-AFB1-9C85C76C78D1"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}