var-201604-0048
Vulnerability from variot
Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to obtain root access via unspecified vectors, aka Bug ID CSCun71294. Vendors have confirmed this vulnerability Bug ID CSCun71294 It is released as.By a third party root May be granted access rights. Cisco UCS Invicta is prone to a privilege escalation vulnerability. Attackers can exploit this issue to gain elevated root privileges. Cisco UCS Invicta C3124SA Appliance, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner are all products of Cisco. UCS Invicta Scaling System and Appliance is a flash-based storage system device. The following products and versions are affected: Cisco UCS Invicta C3124SA Appliance Version 4.3.1 to Version 5.0.1, UCS Invicta Scaling System and Appliance, Whiptail Racerunner
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0048",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ucs invicta c3124sa appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.3.1"
},
{
"model": "ucs invicta c3124sa appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.0.1"
},
{
"model": "ucs invicta c3124sa appliance",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.5.0"
},
{
"model": "ucs invicta c3124sa the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.3.1 to 5.0.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001951"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-048"
},
{
"db": "NVD",
"id": "CVE-2016-1313"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:ucs_invicta_c3124sa_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001951"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "85886"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1313",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1313",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-90132",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1313",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1313",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-1313",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-048",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-90132",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90132"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001951"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-048"
},
{
"db": "NVD",
"id": "CVE-2016-1313"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to obtain root access via unspecified vectors, aka Bug ID CSCun71294. Vendors have confirmed this vulnerability Bug ID CSCun71294 It is released as.By a third party root May be granted access rights. Cisco UCS Invicta is prone to a privilege escalation vulnerability. \nAttackers can exploit this issue to gain elevated root privileges. Cisco UCS Invicta C3124SA Appliance, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner are all products of Cisco. UCS Invicta Scaling System and Appliance is a flash-based storage system device. The following products and versions are affected: Cisco UCS Invicta C3124SA Appliance Version 4.3.1 to Version 5.0.1, UCS Invicta Scaling System and Appliance, Whiptail Racerunner",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1313"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001951"
},
{
"db": "BID",
"id": "85886"
},
{
"db": "VULHUB",
"id": "VHN-90132"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1313",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1035496",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001951",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-048",
"trust": 0.7
},
{
"db": "BID",
"id": "85886",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-90132",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90132"
},
{
"db": "BID",
"id": "85886"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001951"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-048"
},
{
"db": "NVD",
"id": "CVE-2016-1313"
}
]
},
"id": "VAR-201604-0048",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90132"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:27:02.480000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160406-ucs",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-ucs"
},
{
"title": "Multiple Cisco Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60783"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001951"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-048"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90132"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001951"
},
{
"db": "NVD",
"id": "CVE-2016-1313"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160406-ucs"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035496"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1313"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1313"
},
{
"trust": 0.3,
"url": "www.cisco.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90132"
},
{
"db": "BID",
"id": "85886"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001951"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-048"
},
{
"db": "NVD",
"id": "CVE-2016-1313"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90132"
},
{
"db": "BID",
"id": "85886"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001951"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-048"
},
{
"db": "NVD",
"id": "CVE-2016-1313"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-06T00:00:00",
"db": "VULHUB",
"id": "VHN-90132"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "85886"
},
{
"date": "2016-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001951"
},
{
"date": "2016-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-048"
},
{
"date": "2016-04-06T23:59:12.817000",
"db": "NVD",
"id": "CVE-2016-1313"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-03T00:00:00",
"db": "VULHUB",
"id": "VHN-90132"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "85886"
},
{
"date": "2016-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001951"
},
{
"date": "2016-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-048"
},
{
"date": "2024-11-21T02:46:10.120000",
"db": "NVD",
"id": "CVE-2016-1313"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-048"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco UCS Invicta C3124SA In products such as appliances root Vulnerabilities that gain access to",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001951"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-048"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…