VAR-201604-0048
Vulnerability from variot - Updated: 2023-12-18 13:34Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to obtain root access via unspecified vectors, aka Bug ID CSCun71294. Vendors have confirmed this vulnerability Bug ID CSCun71294 It is released as.By a third party root May be granted access rights. Cisco UCS Invicta is prone to a privilege escalation vulnerability. Attackers can exploit this issue to gain elevated root privileges. Cisco UCS Invicta C3124SA Appliance, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner are all products of Cisco. UCS Invicta Scaling System and Appliance is a flash-based storage system device. The following products and versions are affected: Cisco UCS Invicta C3124SA Appliance Version 4.3.1 to Version 5.0.1, UCS Invicta Scaling System and Appliance, Whiptail Racerunner
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0048",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ucs invicta c3124sa appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.3.1"
},
{
"model": "ucs invicta c3124sa appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.0.1"
},
{
"model": "ucs invicta c3124sa appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.5.0"
},
{
"model": "ucs invicta c3124sa the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.3.1 to 5.0.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001951"
},
{
"db": "NVD",
"id": "CVE-2016-1313"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-048"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:ucs_invicta_c3124sa_appliance:4.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:ucs_invicta_c3124sa_appliance:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:ucs_invicta_c3124sa_appliance:4.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1313"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "85886"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1313",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-1313",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-90132",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-1313",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-1313",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-048",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-90132",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90132"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001951"
},
{
"db": "NVD",
"id": "CVE-2016-1313"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-048"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to obtain root access via unspecified vectors, aka Bug ID CSCun71294. Vendors have confirmed this vulnerability Bug ID CSCun71294 It is released as.By a third party root May be granted access rights. Cisco UCS Invicta is prone to a privilege escalation vulnerability. \nAttackers can exploit this issue to gain elevated root privileges. Cisco UCS Invicta C3124SA Appliance, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner are all products of Cisco. UCS Invicta Scaling System and Appliance is a flash-based storage system device. The following products and versions are affected: Cisco UCS Invicta C3124SA Appliance Version 4.3.1 to Version 5.0.1, UCS Invicta Scaling System and Appliance, Whiptail Racerunner",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1313"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001951"
},
{
"db": "BID",
"id": "85886"
},
{
"db": "VULHUB",
"id": "VHN-90132"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1313",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1035496",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001951",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-048",
"trust": 0.7
},
{
"db": "BID",
"id": "85886",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-90132",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90132"
},
{
"db": "BID",
"id": "85886"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001951"
},
{
"db": "NVD",
"id": "CVE-2016-1313"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-048"
}
]
},
"id": "VAR-201604-0048",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90132"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:34:26.451000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160406-ucs",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160406-ucs"
},
{
"title": "Multiple Cisco Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60783"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001951"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-048"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90132"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001951"
},
{
"db": "NVD",
"id": "CVE-2016-1313"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160406-ucs"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035496"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1313"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1313"
},
{
"trust": 0.3,
"url": "www.cisco.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90132"
},
{
"db": "BID",
"id": "85886"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001951"
},
{
"db": "NVD",
"id": "CVE-2016-1313"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-048"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90132"
},
{
"db": "BID",
"id": "85886"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001951"
},
{
"db": "NVD",
"id": "CVE-2016-1313"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-048"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-06T00:00:00",
"db": "VULHUB",
"id": "VHN-90132"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "85886"
},
{
"date": "2016-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001951"
},
{
"date": "2016-04-06T23:59:12.817000",
"db": "NVD",
"id": "CVE-2016-1313"
},
{
"date": "2016-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-048"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-03T00:00:00",
"db": "VULHUB",
"id": "VHN-90132"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "85886"
},
{
"date": "2016-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001951"
},
{
"date": "2016-12-03T03:20:21.137000",
"db": "NVD",
"id": "CVE-2016-1313"
},
{
"date": "2016-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-048"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-048"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco UCS Invicta C3124SA In products such as appliances root Vulnerabilities that gain access to",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001951"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-048"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…