ID

VAR-201604-0048


CVE

CVE-2016-1313


TITLE

Vulnerability that allows root access in products such as the Cisco UCS Invicta C3124SA Appliance

Trust: 0.8

sources: JVNDB: JVNDB-2016-001951

DESCRIPTION

Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner improperly store a default SSH private key, which allows remote attackers to obtain root access via unspecified vectors, aka Bug ID CSCun71294. The vendor has released this vulnerability as Bug ID CSCun71294. A third party may be granted root access rights. Cisco UCS Invicta is prone to a privilege escalation vulnerability. Attackers can exploit this issue to gain elevated root privileges. Cisco UCS Invicta C3124SA Appliance, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner are all products of Cisco. UCS Invicta Scaling System and Appliance is a flash-based storage system device. The following products and versions are affected: Cisco UCS Invicta C3124SA Appliance versions 4.3.1 through 5.0.1, UCS Invicta Scaling System and Appliance, and Whiptail Racerunner.

Trust: 1.98

sources: NVD: CVE-2016-1313 // JVNDB: JVNDB-2016-001951 // BID: 85886 // VULHUB: VHN-90132

AFFECTED PRODUCTS

vendor: cisco, model: ucs invicta c3124sa appliance, scope: eq, version: 4.3.1

Trust: 1.6

vendor: cisco, model: ucs invicta c3124sa appliance, scope: eq, version: 5.0.1

Trust: 1.6

vendor: cisco, model: ucs invicta c3124sa appliance, scope: eq, version: 4.5.0

Trust: 1.6

vendor: cisco, model: ucs invicta c3124sa the appliance, scope: eq, version: 4.3.1 to 5.0.1

Trust: 0.8

sources: JVNDB: JVNDB-2016-001951 // CNNVD: CNNVD-201604-048 // NVD: CVE-2016-1313

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1313
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-1313
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201604-048
value: CRITICAL

Trust: 0.6

VULHUB: VHN-90132
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-1313
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90132
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1313
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90132 // JVNDB: JVNDB-2016-001951 // CNNVD: CNNVD-201604-048 // NVD: CVE-2016-1313

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-90132 // JVNDB: JVNDB-2016-001951 // NVD: CVE-2016-1313

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-048

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201604-048

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001951

PATCH

title: cisco-sa-20160406-ucs, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-ucs

Trust: 0.8

title: Multiple Cisco Product security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60783

Trust: 0.6

sources: JVNDB: JVNDB-2016-001951 // CNNVD: CNNVD-201604-048

EXTERNAL IDS

db: NVD, id: CVE-2016-1313

Trust: 2.8

db: SECTRACK, id: 1035496

Trust: 1.1

db: JVNDB, id: JVNDB-2016-001951

Trust: 0.8

db: CNNVD, id: CNNVD-201604-048

Trust: 0.7

db: BID, id: 85886

Trust: 0.4

db: VULHUB, id: VHN-90132

Trust: 0.1

sources: VULHUB: VHN-90132 // BID: 85886 // JVNDB: JVNDB-2016-001951 // CNNVD: CNNVD-201604-048 // NVD: CVE-2016-1313

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160406-ucs

Trust: 1.7

url: http://www.securitytracker.com/id/1035496

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1313

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1313

Trust: 0.8

url: www.cisco.com

Trust: 0.3

sources: VULHUB: VHN-90132 // BID: 85886 // JVNDB: JVNDB-2016-001951 // CNNVD: CNNVD-201604-048 // NVD: CVE-2016-1313

CREDITS

Cisco

Trust: 0.3

sources: BID: 85886

SOURCES

db: VULHUB, id: VHN-90132
db: BID, id: 85886
db: JVNDB, id: JVNDB-2016-001951
db: CNNVD, id: CNNVD-201604-048
db: NVD, id: CVE-2016-1313

LAST UPDATE DATE

2025-04-13T23:03:07.471000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90132, date: 2016-12-03T00:00:00
db: BID, id: 85886, date: 2016-04-06T00:00:00
db: JVNDB, id: JVNDB-2016-001951, date: 2016-04-08T00:00:00
db: CNNVD, id: CNNVD-201604-048, date: 2016-04-07T00:00:00
db: NVD, id: CVE-2016-1313, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90132, date: 2016-04-06T00:00:00
db: BID, id: 85886, date: 2016-04-06T00:00:00
db: JVNDB, id: JVNDB-2016-001951, date: 2016-04-08T00:00:00
db: CNNVD, id: CNNVD-201604-048, date: 2016-04-07T00:00:00
db: NVD, id: CVE-2016-1313, date: 2016-04-06T23:59:12.817