Vulnerabilities > CVE-2014-0709 - Credentials Management vulnerability in Cisco UCS Director
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Common Weakness Enumeration (CWE)
Seebug
| bulletinFamily | exploit |
| description | Bugtraq ID:65666 CVE ID:CVE-2014-0709 Cisco Unified Computing System通过将统一计算、网络、存储访问和虚拟化整合到一个系统中,简化IT管理并提高灵活性。 Cisco Unified Computing System Director存在安全漏洞,允许远程攻击者利用漏洞完全控制设备。漏洞是由于安装过程中创建了默认的root用户账户,允许攻击者利用该账户远程访问服务器CLI,控制设备。 0 Cisco UCS Director < 4.0.0.3 厂商补丁: Cisco ----- Cisco UCS Director 4.0.0.3已经修复该漏洞,建议用户下载更新: http://www.cisco.com/public/sw-center/ |
| id | SSV:61513 |
| last seen | 2017-11-19 |
| modified | 2014-02-21 |
| published | 2014-02-21 |
| reporter | Root |
| title | Cisco Unified Computing System Director默认验证凭据安全绕过漏洞 |