← Back

CVE-2016-1404

nvd nist
Published: May 29, 2016Modified: May 6, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic to an Autosupport server and leveraging knowledge of this key from another installation, aka Bug ID CSCur85504.

Affected (6)

Cisco
1 product
Ucs Invicta C3124sa Appliance
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Ucs Invicta C3124sa Appliance
Version 4.3.1
Ucs Invicta C3124sa Appliance
Version 4.3_base
Ucs Invicta C3124sa Appliance
Version 4.5.0
Ucs Invicta C3124sa Appliance
Version 4.5_base
Ucs Invicta C3124sa Appliance
Version 5.0.1
Ucs Invicta C3124sa Appliance
Version 5.0_base

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.