7.5
CVE-2016-1404
- EPSS 0.16%
- Published 29.05.2016 22:59:00
- Last modified 12.04.2025 10:46:40
- Source psirt@cisco.com
Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic to an Autosupport server and leveraging knowledge of this key from another installation, aka Bug ID CSCur85504.
Data provided by the National Vulnerability Database (NVD)
Cisco ≫ Ucs Invicta C3124sa Appliance Version 4.3.1
Cisco ≫ Ucs Invicta C3124sa Appliance Version 4.3_base
Cisco ≫ Ucs Invicta C3124sa Appliance Version 4.5.0
Cisco ≫ Ucs Invicta C3124sa Appliance Version 4.5_base
Cisco ≫ Ucs Invicta C3124sa Appliance Version 5.0.1
Cisco ≫ Ucs Invicta C3124sa Appliance Version 5.0_base
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.16% | 0.374 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.