CVE-2024-20280
Cisco UCS Central Software Configuration Backup Static Key Vulnerability
Severity Score
6.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files.
This vulnerability is due to a weakness in the encryption method that is used for the backup function. An attacker could exploit this vulnerability by accessing a backup file and leveraging a static key that is used for the backup configuration feature. A successful exploit could allow an attacker with access to a backup file to learn sensitive information that is stored in full state backup files and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and the device SSL server certificate and key.
Una vulnerabilidad en la función de copia de seguridad de Cisco UCS Central Software podría permitir que un atacante con acceso a un archivo de copia de seguridad obtenga información confidencial almacenada en los archivos de copia de seguridad de estado completo y de configuración. Esta vulnerabilidad se debe a una debilidad en el método de cifrado que se utiliza para la función de copia de seguridad. Un atacante podría explotar esta vulnerabilidad accediendo a un archivo de copia de seguridad y aprovechando una clave estática que se utiliza para la función de configuración de copia de seguridad. Una explotación exitosa podría permitir que un atacante con acceso a un archivo de copia de seguridad obtenga información confidencial que se almacena en los archivos de copia de seguridad de estado completo y los archivos de copia de seguridad de configuración, como credenciales de usuario local, contraseñas de servidor de autenticación, nombres de comunidad de Protocolo simple de administración de red (SNMP) y el certificado y la clave del servidor SSL del dispositivo.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-11-08 CVE Reserved
- 2024-10-16 CVE Published
- 2024-10-17 EPSS Updated
- 2024-10-31 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-321: Use of Hard-coded Cryptographic Key
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsc-bkpsky-TgJ5f73J |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 2.0 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "2.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 1.1 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "1.1" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 1.4 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "1.4" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 2.0 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "2.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 2.0 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "2.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 1.3 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "1.3" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 2.0 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "2.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 2.0 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "2.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 2.0 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "2.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 1.0 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "1.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 2.0 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "2.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 1.2 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "1.2" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 2.0 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "2.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 1.4 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "1.4" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 1.3 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "1.3" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 1.1 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "1.1" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 1.4 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "1.4" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 1.2 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "1.2" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 1.2 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "1.2" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 2.0 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "2.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 1.5 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "1.5" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 1.5 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "1.5" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 1.1 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "1.1" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 1.3 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "1.3" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 2.0 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "2.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 2.0 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "2.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 1.2 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "1.2" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 1.5 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "1.5" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 2.0 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "2.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 2.0 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "2.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 2.0 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "2.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 2.0 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "2.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 2.0 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "2.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 2.0 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "2.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 2.0 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "2.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 2.0 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "2.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 2.0 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "2.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Unified Computing System Central Software Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" | 2.0 Search vendor "Cisco" for product "Cisco Unified Computing System Central Software" and version "2.0" | en |
Affected
| ||||||