-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco Security Advisory: Cisco UCS Invicta Default SSH Key Vulnerability Advisory ID: cisco-sa-20160406-ucs Revision 1.0 For Public Release 2016 April 06 16:00 GMT (UTC) +--------------------------------------------------------------------- Summary ======= A vulnerability in the implementation of intra-process communication for Cisco UCS Invicta Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH private key that is stored in an insecure way on the system. An attacker could exploit this vulnerability by obtaining the SSH private key and connecting using the root account to the system without providing a password. An exploit could allow the attacker to gain access to the system with the privileges of the root user. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-ucs -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2 Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXBRJCAAoJEK89gD3EAJB5muUQAJIURzgd5bW4RE6IG6NqznNq 9zL084TWr/TE+lg+NgMQBWc2WqQmxm0+pZnBKpPpmTJ53Lu4yxs0X0ugEpO27r9d l0JVvntCUBwhHogOSCrZCRiqMMMRvC1rj2iYsKIy8khfMfe8/CMHhz/oau8IuhfM 0E/AUTQCTtX6shy0igKXQ6AlX+VZPXswJVvmVdKPB4HOX9/Oc3pPGJ1qOLn+TY3x mAX1dgN4tYqZYnIqY/a9vkBOm/8vd5otW8FgrqrY288QohY7ixoZKEBXPYtAYhWY cmuJjlYgXAJgiHohdEtTCI9biI37+sRURX2RALRBRIKohCfflYpOlVwyczCBNmoS Hx8Y2GzEP8q1BYtNWWekYY9hlgFwnKh8q3M0YNxQ2hW8iOLoFdEnMbIF8YMmmTeU g3HF7WhgDXaLFPFzlT2HrICXvGLz177vDVocEugg4ygbo4Xd5MVZqkfsN1xUgAuG EqVnhoSpRaA8syCg96lJ+dN8BNd/BZKaFWXkN22WGWM+vR9No2NwCEAijiI/u6bN 6S1i97X4UD/SKPUDSr0+PSzWuAlva7vT078STrBj5FMm3JSbT+Q3SbbYQEE98esf hOOV0gOoTh2fkD1eOzZKK3jv/PfTykjJqrfhDu4D1HFvDYL3mScfovXsOZwYtEMx xHRnUExXIaFVEtEth38e =zNe+ -----END PGP SIGNATURE-----