cvelistv5 - cve-2014-0709

CVE-2014-0709 (GCVE-0-2014-0709)

Vulnerability from cvelistv5

Published

2014-02-22 21:00

Modified

2024-08-06 09:27

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

CERTFR-2014-AVI-085

Vulnerability from certfr_avis

Une vulnérabilité a été corrigée dans Cisco Unified Computing System. Elle permet à un attaquant de provoquer une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco UCS Director versions antérieures à 4.0.0.3

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

fkie_cve-2014-0709

Vulnerability from fkie_nvd

Published

2014-02-22 21:55

Modified

2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	ucs_director	*
cisco	ucs_director	4.0.0.0
cisco	ucs_director	4.0.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8108D986-F955-4A75-A8FC-089E04DECF82",
              "versionEndIncluding": "4.0.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director:4.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF8797F-CEFE-4EA5-BB5E-C7C3C618230A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director:4.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A30759-9229-4C82-9B26-3697DD37DCB9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930."
    },
    {
      "lang": "es",
      "value": "Cisco UCS Director (anteriormente Cloupia) en versiones anteriores a 4.0.0.3 tiene una contrase\u00f1a embetida para la cuenta de root, lo que facilita a atacantes remotos obtener acceso administrativo a trav\u00e9s de una sesi\u00f3n SSH a la interface CLI, tambi\u00e9n conocido como Bug ID CSCui73930."
    }
  ],
  "id": "CVE-2014-0709",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-02-22T21:55:09.500",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-201402-0194

Vulnerability from variot

Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930. Cisco Unified Computing System Director is prone to a security-bypass vulnerability. Successful attacks can allow an attacker to gain complete access to the affected devices with root privileges. This issue is tracked by Cisco Bug ID CSCui73930. Cisco UCS Director (formerly known as Cisco Cloupia) is a set of converged infrastructure management solutions from Cisco. The solution supports users to manage computing power, network services, storage, and virtual machines from a single management console to deploy and release IT services more quickly and at low cost. The vulnerability is caused by the program using the default root account

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201402-0194",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ucs director",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.0.0.1"
      },
      {
        "model": "ucs director",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.0.0.0"
      },
      {
        "model": "ucs director",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.0.0.2"
      },
      {
        "model": "ucs director",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.0.0.3"
      },
      {
        "model": "ucs director",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "4.0.0.2"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001447"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-314"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0709"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:ucs_director",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001447"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "65666"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-0709",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-0709",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-68202",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-0709",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-0709",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201402-314",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-68202",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-68202"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001447"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-314"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0709"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930. Cisco Unified Computing System Director is prone to a security-bypass vulnerability. \nSuccessful attacks can allow an attacker to gain complete access to the affected devices with root privileges. \nThis issue is tracked by Cisco Bug ID CSCui73930. Cisco UCS Director (formerly known as Cisco Cloupia) is a set of converged infrastructure management solutions from Cisco. The solution supports users to manage computing power, network services, storage, and virtual machines from a single management console to deploy and release IT services more quickly and at low cost. The vulnerability is caused by the program using the default root account",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0709"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001447"
      },
      {
        "db": "BID",
        "id": "65666"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68202"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0709",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001447",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-314",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "56955",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20140219 CISCO UCS DIRECTOR DEFAULT CREDENTIALS VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "65666",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-68202",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-68202"
      },
      {
        "db": "BID",
        "id": "65666"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001447"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-314"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0709"
      }
    ]
  },
  "id": "VAR-201402-0194",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-68202"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:18:38.626000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "32757",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=32757"
      },
      {
        "title": "cisco-sa-20140219-ucsd",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd"
      },
      {
        "title": "32826",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32826"
      },
      {
        "title": "cisco-sa-20140219-ucsd",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/JP/112/1122/1122083_cisco-sa-20140219-ucsd-j.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001447"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-255",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-68202"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001447"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0709"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140219-ucsd"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0709"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0709"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/56955"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-68202"
      },
      {
        "db": "BID",
        "id": "65666"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001447"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-314"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0709"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-68202"
      },
      {
        "db": "BID",
        "id": "65666"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001447"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-314"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0709"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-02-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-68202"
      },
      {
        "date": "2014-02-19T00:00:00",
        "db": "BID",
        "id": "65666"
      },
      {
        "date": "2014-02-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001447"
      },
      {
        "date": "2014-02-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201402-314"
      },
      {
        "date": "2014-02-22T21:55:09.500000",
        "db": "NVD",
        "id": "CVE-2014-0709"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-68202"
      },
      {
        "date": "2014-02-19T00:00:00",
        "db": "BID",
        "id": "65666"
      },
      {
        "date": "2014-03-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001447"
      },
      {
        "date": "2014-02-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201402-314"
      },
      {
        "date": "2024-11-21T02:02:40.747000",
        "db": "NVD",
        "id": "CVE-2014-0709"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-314"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco UCS Director Vulnerabilities that gain management access",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001447"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-314"
      }
    ],
    "trust": 0.6
  }
}

gsd-2014-0709

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2014-0709

Aliases

CVE-2014-0709

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-0709",
    "description": "Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930.",
    "id": "GSD-2014-0709"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-0709"
      ],
      "details": "Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930.",
      "id": "GSD-2014-0709",
      "modified": "2023-12-13T01:22:44.860797Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2014-0709",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20140219 Cisco UCS Director Default Credentials Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.0.0.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ucs_director:4.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ucs_director:4.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-0709"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-255"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140219 Cisco UCS Director Default Credentials Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2016-09-08T18:58Z",
      "publishedDate": "2014-02-22T21:55Z"
    }
  }
}

ghsa-r7vj-ghvm-j3pp

Vulnerability from github

Published

2022-05-17 03:49

Modified

2022-05-17 03:49

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-0709"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-02-22T21:55:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930.",
  "id": "GHSA-r7vj-ghvm-j3pp",
  "modified": "2022-05-17T03:49:14Z",
  "published": "2022-05-17T03:49:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0709"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2014-0709 (GCVE-0-2014-0709)

Vulnerability from cvelistv5

CERTFR-2014-AVI-085

Vulnerability from certfr_avis

Solution

fkie_cve-2014-0709

Vulnerability from fkie_nvd

var-201402-0194

Vulnerability from variot

gsd-2014-0709

Vulnerability from gsd

ghsa-r7vj-ghvm-j3pp

Vulnerability from github

Tags

Sightings

Nomenclature