
====================================================================

                           CERT-Renater

               Information Note No. 2016/VULN147
_____________________________________________________________________

DATE                : 06/04/2016

HARDWARE PLATFORM(S): Cisco UCS Invicta Series.

OPERATING SYSTEM(S): Cisco UCS Invicta Software.

======================================================================
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-ucs
_____________________________________________________________________

Cisco Security Advisory: Cisco UCS Invicta Default SSH Key Vulnerability

Advisory ID: cisco-sa-20160406-ucs

Revision 1.0

For Public Release 2016 April 06 16:00 GMT (UTC)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the implementation of intra-process communication
for Cisco UCS Invicta Software could allow an unauthenticated, remote
attacker to connect to the affected system with the privileges of the
root user.

The vulnerability is due to the presence of a default SSH private key
that is stored in an insecure way on the system. An attacker could
exploit this vulnerability by obtaining the SSH private key and
connecting using the root account to the system without providing a
password. An exploit could allow the attacker to gain access to the
system with the privileges of the root user.

Cisco has released software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-ucs
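
A default key of the kind described above is the same on every unit, so one way to look for that condition in your own fleet is to fingerprint the keys that root accepts on each host and flag any fingerprint that appears on more than one. The script below is an added example, not code from Cisco or CERT-Renater; the function names, host names and key bytes are constructed for illustration, and the inventory is assumed to hold the text of each host's root authorized_keys file.

```python
import base64
import hashlib
import re
import struct
from collections import defaultdict

KEY_RE = re.compile(r"(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+([A-Za-z0-9+/]+={0,2})")

def fingerprints(authorized_keys: str) -> list[str]:
    """OpenSSH-style SHA256 fingerprint of every valid key line."""
    found = []
    for line in authorized_keys.splitlines():
        if line.lstrip().startswith("#"):
            continue
        for key_type, b64 in KEY_RE.findall(line):
            try:
                blob = base64.b64decode(b64, validate=True)
            except ValueError:  # binascii.Error subclasses ValueError
                continue
            # A real blob begins with a length-prefixed copy of the key type;
            # this rejects look-alike text inside options or comments.
            n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
            if blob[4:4 + n] != key_type.encode():
                continue
            digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
            found.append("SHA256:" + digest.rstrip("="))
            break
    return found

def shared_root_keys(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Map fingerprint -> hosts, for keys root accepts on more than one host."""
    hosts_by_fp = defaultdict(set)
    for host, text in inventory.items():
        for fp in fingerprints(text):
            hosts_by_fp[fp].add(host)
    return {fp: sorted(h) for fp, h in hosts_by_fp.items() if len(h) > 1}

def _sample_key(seed: bytes) -> str:
    blob = struct.pack(">I", 7) + b"ssh-rsa" + hashlib.sha512(seed).digest()
    return "ssh-rsa " + base64.b64encode(blob).decode()

# Constructed data: made-up key bytes (not real keys) on hypothetical hosts
SAMPLE_INVENTORY = {
    "node-a": _sample_key(b"factory") + " root@appliance\n" + _sample_key(b"admin-a") + " alice\n",
    "node-b": '# vendor image\nno-pty,command="/bin/true" ' + _sample_key(b"factory") + "\n",
}

if __name__ == "__main__":
    for fp, hosts in shared_root_keys(SAMPLE_INVENTORY).items():
        print(fp, "accepted for root on", ", ".join(hosts))
```

A fingerprint reported here is only a lead: a key deliberately deployed to several hosts by an administrator shows up the same way, so each hit needs to be traced to its owner.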

==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================






