1. Home
  2. CVE Database
  3. CVE-2016-1404
HIGH · 7.5

CVE-2016-1404

Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attac...

Vulnerability Description

Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic to an Autosupport server and leveraging knowledge of this key from another installation, aka Bug ID CSCur85504.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
CiscoUcs Invicta C3124Sa Appliance4.3.1

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2016-1404?

CVE-2016-1404 is a vulnerability with a CVSS score of 7.5 (HIGH). Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attac...

How severe is CVE-2016-1404?

CVE-2016-1404 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-1404?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ucs Invicta C3124Sa Appliance.