CVE-2014-0709 - Vulnerability Details - OpenCVE

Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Ucs Director

Configuration 1 [-]

OR	cpe:2.3:a:cisco:ucs_director::::::::
	cpe:2.3:a:cisco:ucs_director:4.0.0.0:::::::*
	cpe:2.3:a:cisco:ucs_director:4.0.0.1:::::::*

No data.

References

Link	Providers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2014-02-22T21:00:00

Updated: 2024-08-06T09:27:19.523Z

Reserved: 2014-01-02T00:00:00

Link: CVE-2014-0709

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-02-22T21:55:09.500

Modified: 2024-11-21T02:02:40.747

Link: CVE-2014-0709

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-02-19T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-02-24T05:57:03", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20140219 Cisco UCS Director Default Credentials Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2014-0709", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20140219 Cisco UCS Director Default Credentials Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:27:19.523Z"}, "title": "CVE Program Container", "references": [{"name": "20140219 Cisco UCS Director Default Credentials Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2014-0709", "datePublished": "2014-02-22T21:00:00", "dateReserved": "2014-01-02T00:00:00", "dateUpdated": "2024-08-06T09:27:19.523Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*", "matchCriteriaId": "8108D986-F955-4A75-A8FC-089E04DECF82", "versionEndIncluding": "4.0.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:ucs_director:4.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "9FF8797F-CEFE-4EA5-BB5E-C7C3C618230A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:ucs_director:4.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "69A30759-9229-4C82-9B26-3697DD37DCB9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930."}, {"lang": "es", "value": "Cisco UCS Director (anteriormente Cloupia) en versiones anteriores a 4.0.0.3 tiene una contrase\u00f1a embetida para la cuenta de root, lo que facilita a atacantes remotos obtener acceso administrativo a trav\u00e9s de una sesi\u00f3n SSH a la interface CLI, tambi\u00e9n conocido como Bug ID CSCui73930."}], "id": "CVE-2014-0709", "lastModified": "2024-11-21T02:02:40.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-02-22T21:55:09.500", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}