Описание
The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug IDs CSCum56133 and CSCum56177.
Ссылки
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:cisco:unified_computing_system:1.5\(3\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_computing_system:1.6\(0.16\):*:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.00136
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-310
Связанные уязвимости
github
больше 3 лет назад
The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug IDs CSCum56133 and CSCum56177.
EPSS
Процентиль: 34%
0.00136
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-310