CVE-2024-20280

Cisco UCS Central Software Configuration Backup Static Key Vulnerability

Severity Score

6.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files.

This vulnerability is due to a weakness in the encryption method that is used for the backup function. An attacker could exploit this vulnerability by accessing a backup file and leveraging a static key that is used for the backup configuration feature. A successful exploit could allow an attacker with access to a backup file to learn sensitive information that is stored in full state backup files and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and the device SSL server certificate and key.

*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality: High
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: Track
  • Exploitation: None
  • Automatable: No
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2023-11-08 CVE Reserved
  • 2024-10-16 CVE Published
  • 2024-10-17 EPSS Updated
  • 2024-10-31 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-321: Use of Hard-coded Cryptographic Key
  • CWE-798: Use of Hard-coded Credentials
CAPEC
Affected Vendors, Products, and Versions
Vendor  Product                                          Version  Other  Status
Cisco   Cisco Unified Computing System Central Software  2.0      en     Affected
Cisco   Cisco Unified Computing System Central Software  1.1      en     Affected
Cisco   Cisco Unified Computing System Central Software  1.4      en     Affected
Cisco   Cisco Unified Computing System Central Software  2.0      en     Affected
Cisco   Cisco Unified Computing System Central Software  2.0      en     Affected
Cisco   Cisco Unified Computing System Central Software  1.3      en     Affected
Cisco   Cisco Unified Computing System Central Software  2.0      en     Affected
Cisco   Cisco Unified Computing System Central Software  2.0      en     Affected
Cisco   Cisco Unified Computing System Central Software  2.0      en     Affected
Cisco   Cisco Unified Computing System Central Software  1.0      en     Affected
Cisco   Cisco Unified Computing System Central Software  2.0      en     Affected
Cisco   Cisco Unified Computing System Central Software  1.2      en     Affected
Cisco   Cisco Unified Computing System Central Software  2.0      en     Affected
Cisco   Cisco Unified Computing System Central Software  1.4      en     Affected
Cisco   Cisco Unified Computing System Central Software  1.3      en     Affected
Cisco   Cisco Unified Computing System Central Software  1.1      en     Affected
Cisco   Cisco Unified Computing System Central Software  1.4      en     Affected
Cisco   Cisco Unified Computing System Central Software  1.2      en     Affected
Cisco   Cisco Unified Computing System Central Software  1.2      en     Affected
Cisco   Cisco Unified Computing System Central Software  2.0      en     Affected
Cisco   Cisco Unified Computing System Central Software  1.5      en     Affected
Cisco   Cisco Unified Computing System Central Software  1.5      en     Affected
Cisco   Cisco Unified Computing System Central Software  1.1      en     Affected
Cisco   Cisco Unified Computing System Central Software  1.3      en     Affected
Cisco   Cisco Unified Computing System Central Software  2.0      en     Affected
Cisco   Cisco Unified Computing System Central Software  2.0      en     Affected
Cisco   Cisco Unified Computing System Central Software  1.2      en     Affected
Cisco   Cisco Unified Computing System Central Software  1.5      en     Affected
Cisco   Cisco Unified Computing System Central Software  2.0      en     Affected
Cisco   Cisco Unified Computing System Central Software  2.0      en     Affected
Cisco   Cisco Unified Computing System Central Software  2.0      en     Affected
Cisco   Cisco Unified Computing System Central Software  2.0      en     Affected
Cisco   Cisco Unified Computing System Central Software  2.0      en     Affected
Cisco   Cisco Unified Computing System Central Software  2.0      en     Affected
Cisco   Cisco Unified Computing System Central Software  2.0      en     Affected
Cisco   Cisco Unified Computing System Central Software  2.0      en     Affected
Cisco   Cisco Unified Computing System Central Software  2.0      en     Affected
Cisco   Cisco Unified Computing System Central Software  2.0      en     Affected