Vulnerabilities > CVE-2014-0709 - Credentials Management vulnerability in Cisco UCS Director

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

cisco

CWE-255

critical

NVD

Published: 2014-02-22

Updated: 2016-09-08

Summary

Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco UCS Director 4.0.0.0 Cisco UCS Director 4.0.0.1 Cisco UCS Director 2.1\(0.0\) Cisco UCS Director 4.0.0.2	4

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Seebug

bulletinFamily	exploit
description	Bugtraq ID:65666 CVE ID:CVE-2014-0709 Cisco Unified Computing System通过将统一计算、网络、存储访问和虚拟化整合到一个系统中,简化IT管理并提高灵活性。 Cisco Unified Computing System Director存在安全漏洞，允许远程攻击者利用漏洞完全控制设备。漏洞是由于安装过程中创建了默认的root用户账户，允许攻击者利用该账户远程访问服务器CLI，控制设备。 0 Cisco UCS Director < 4.0.0.3 厂商补丁： Cisco ----- Cisco UCS Director 4.0.0.3已经修复该漏洞，建议用户下载更新： http://www.cisco.com/public/sw-center/
id	SSV:61513
last seen	2017-11-19
modified	2014-02-21
published	2014-02-21
reporter	Root
title	Cisco Unified Computing System Director默认验证凭据安全绕过漏洞

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd