PT-2024-7336 · Cisco · Cisco UCS Central

Published: 2024-10-16 · Updated: 2024-10-31 · CVE-2024-20280

CVSS v3.1: 6.3 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Cisco UCS Central Software (affected versions not specified)
Description: A weakness in the encryption method used for the backup function in Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information. This information includes local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and the device SSL server certificate and key. The vulnerability is due to the use of a static key for the backup configuration feature, which an attacker could exploit by accessing a backup file.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Using Hardcoded Credentials

Related Identifiers: BDU:2024-08692, CVE-2024-20280

Affected Products: Cisco UCS Central