PT-2016-4766 · Gnu+1 · Gnupg+1

Publicado

2016-05-29

Atualizado

2016-12-01

CVE-2016-1404

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco UCS Invicta versions 4.3, 4.5, and 5.0.1

Description The issue allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic to an Autosupport server and leveraging knowledge of a hardcoded GnuPG encryption key from another installation.

Recommendations For Cisco UCS Invicta version 4.3, update to a version that uses unique encryption keys. For Cisco UCS Invicta version 4.5, update to a version that uses unique encryption keys. For Cisco UCS Invicta version 5.0.1, update to a version that uses unique encryption keys.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2016-1404

Produtos afetados

Cisco Ucs Invicta

Gnupg

PT-2016-4766 · Gnu+1 · Gnupg+1

CVE-2016-1404

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4