CVE-2024-20280 – Cisco UCS Central Software Configuration Backup Static Key Vulnerability

https://notcve.org/view.php?id=CVE-2024-20280

16 Oct 2024 — A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used for the backup function. An attacker could exploit this vulnerability by accessing a backup file and leveraging a static key that is used for the backup configuration feature. A successful exploit could allow an attac... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsc-bkpsky-TgJ5f73J • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •