A vulnerability in the implementation of intra-process communication for Cisco UCS Invicta Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user.

The vulnerability is due to the presence of a default SSH private key that is stored in an insecure way on the system.

An attacker could exploit this vulnerability by obtaining the SSH private key and connecting using the root account to the system without providing a password.

An exploit could allow the attacker to gain access to the system with the privileges of the root user.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-ucs
A vulnerability in the implementation of intra-process communication for Cisco UCS Invicta Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user.

The vulnerability is due to the presence of a default SSH private key that is stored in an insecure way on the system.

An attacker could exploit this vulnerability by obtaining the SSH private key and connecting using the root account to the system without providing a password.

An exploit could allow the attacker to gain access to the system with the privileges of the root user.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-ucs

Security Impact Rating: Critical

CVE: CVE-2016-1313