Skip to main content

Unified Computing System CVE-2015-4259

MEDIUM
Cryptographic Issues (CWE-310)
2015-07-10 psirt@cisco.com
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 10, 2015 - 15:59 cve.org
MEDIUM 4.3

DescriptionCVE.org

The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug IDs CSCum56133 and CSCum56177.

AnalysisAI

The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-310. The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug IDs CSCum56133 and CSCum56177. Affected products include: Cisco Unified Computing System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2015-6435 CRITICAL POC
9.8 Jan 22

An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS)

CVE-2021-1368 HIGH
8.8 Feb 24

A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software coul

CVE-2019-1907 HIGH
8.8 Aug 21

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote a

CVE-2019-1865 HIGH
8.8 Aug 21

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could all

CVE-2019-1864 HIGH
8.8 Aug 21

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could all

CVE-2018-0431 HIGH
8.8 Oct 05

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could all

CVE-2018-0430 HIGH
8.8 Oct 05

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could all

CVE-2015-0718 HIGH
7.5 Mar 03

Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) p

CVE-2012-4078 HIGH
8.5 Sep 24

The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape se

CVE-2021-1387 HIGH
8.6 Feb 24

A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a

CVE-2019-1863 HIGH
8.1 Aug 21

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could all

CVE-2019-1632 HIGH
8.0 Jun 20

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an aut

Share

CVE-2015-4259 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy