1. Home
  2. CVE Database
  3. CVE-2016-1313
CRITICAL · 9.8

CVE-2016-1313

Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to ...

Vulnerability Description

Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to obtain root access via unspecified vectors, aka Bug ID CSCun71294.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
CiscoUcs Invicta C3124Sa Appliance4.3.1

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2016-1313?

CVE-2016-1313 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to ...

How severe is CVE-2016-1313?

CVE-2016-1313 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-1313?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ucs Invicta C3124Sa Appliance.