Details of VAR-201402-0194

ID

VAR-201402-0194

CVE

CVE-2014-0709

TITLE

Cisco UCS Director Vulnerabilities that gain management access

Trust: 0.8

sources: JVNDB: JVNDB-2014-001447

DESCRIPTION

Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930. Cisco Unified Computing System Director is prone to a security-bypass vulnerability. Successful attacks can allow an attacker to gain complete access to the affected devices with root privileges. This issue is tracked by Cisco Bug ID CSCui73930. Cisco UCS Director (formerly known as Cisco Cloupia) is a set of converged infrastructure management solutions from Cisco. The solution supports users to manage computing power, network services, storage, and virtual machines from a single management console to deploy and release IT services more quickly and at low cost. The vulnerability is caused by the program using the default root account

Trust: 1.98

sources: NVD: CVE-2014-0709 // JVNDB: JVNDB-2014-001447 // BID: 65666 // VULHUB: VHN-68202

AFFECTED PRODUCTS

vendor:	cisco	model:	ucs director	scope:	eq	version:	4.0.0.1	Trust: 1.6
vendor:	cisco	model:	ucs director	scope:	eq	version:	4.0.0.0	Trust: 1.6
vendor:	cisco	model:	ucs director	scope:	lte	version:	4.0.0.2	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	lt	version:	4.0.0.3	Trust: 0.8
vendor:	cisco	model:	ucs director	scope:	eq	version:	4.0.0.2	Trust: 0.6

sources: JVNDB: JVNDB-2014-001447 // CNNVD: CNNVD-201402-314 // NVD: CVE-2014-0709

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0709
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0709
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201402-314
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-68202
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0709
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68202
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68202 // JVNDB: JVNDB-2014-001447 // CNNVD: CNNVD-201402-314 // NVD: CVE-2014-0709

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.9

sources: VULHUB: VHN-68202 // JVNDB: JVNDB-2014-001447 // NVD: CVE-2014-0709

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-314

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201402-314

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001447

PATCH

title:	32757	url:	http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=32757	Trust: 0.8
title:	cisco-sa-20140219-ucsd	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd	Trust: 0.8
title:	32826	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32826	Trust: 0.8
title:	cisco-sa-20140219-ucsd	url:	http://www.cisco.com/cisco/web/support/JP/112/1122/1122083_cisco-sa-20140219-ucsd-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2014-001447

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0709	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-001447	Trust: 0.8
db:	CNNVD	id:	CNNVD-201402-314	Trust: 0.7
db:	SECUNIA	id:	56955	Trust: 0.6
db:	CISCO	id:	20140219 CISCO UCS DIRECTOR DEFAULT CREDENTIALS VULNERABILITY	Trust: 0.6
db:	BID	id:	65666	Trust: 0.4
db:	VULHUB	id:	VHN-68202	Trust: 0.1

sources: VULHUB: VHN-68202 // BID: 65666 // JVNDB: JVNDB-2014-001447 // CNNVD: CNNVD-201402-314 // NVD: CVE-2014-0709

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140219-ucsd	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0709	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0709	Trust: 0.8
url:	http://secunia.com/advisories/56955	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-68202 // BID: 65666 // JVNDB: JVNDB-2014-001447 // CNNVD: CNNVD-201402-314 // NVD: CVE-2014-0709

CREDITS

Cisco

Trust: 0.3

sources: BID: 65666

SOURCES

db:	VULHUB	id:	VHN-68202
db:	BID	id:	65666
db:	JVNDB	id:	JVNDB-2014-001447
db:	CNNVD	id:	CNNVD-201402-314
db:	NVD	id:	CVE-2014-0709

LAST UPDATE DATE

2024-11-23T22:18:38.626000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68202	date:	2016-09-08T00:00:00
db:	BID	id:	65666	date:	2014-02-19T00:00:00
db:	JVNDB	id:	JVNDB-2014-001447	date:	2014-03-10T00:00:00
db:	CNNVD	id:	CNNVD-201402-314	date:	2014-02-26T00:00:00
db:	NVD	id:	CVE-2014-0709	date:	2024-11-21T02:02:40.747

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68202	date:	2014-02-22T00:00:00
db:	BID	id:	65666	date:	2014-02-19T00:00:00
db:	JVNDB	id:	JVNDB-2014-001447	date:	2014-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201402-314	date:	2014-02-26T00:00:00
db:	NVD	id:	CVE-2014-0709	date:	2014-02-22T21:55:09.500