CVE-2016-1313

Published: Apr 6, 2016Modified: May 6, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to obtain root access via unspecified vectors, aka Bug ID CSCun71294.

Affected (3)

Products: Cisco: Ucs Invicta C3124sa Appliance

1 product

Ucs Invicta C3124sa Appliance

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Cisco Ucs Invicta C3124sa Appliance	Version 4.3.1
Cisco Ucs Invicta C3124sa Appliance	Version 4.5.0
Cisco Ucs Invicta C3124sa Appliance	Version 5.0.1

Related CWEs

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-ucs

Source: psirt@cisco.com

Vendor Advisory

http://www.securitytracker.com/id/1035496

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-ucs

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1035496

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.