CVE-2024-20280

MEDIUM EPSS 1.6%
Published Oct 16, 2024 (1y ago) · Modified Jun 17, 2026 (2w ago)
6.3 CVSS 3.1

Description

A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used for the backup function. An attacker could exploit this vulnerability by accessing a backup file and leveraging a static key that is used for the backup configuration feature. A successful exploit could allow an attacker with access to a backup file to learn sensitive information that is stored in full state backup files and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and the device SSL server certificate and key.

CVSS Details

Base Score: 6.3
Exploitability: 1.8
Impact: 4.0
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: None
Availability: None

Threat Intelligence

EPSS Exploit Probability
1.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 2

CWE-321
CWE-798 Use of Hard-coded Credentials Authentication

Affected Products 38

| Vendor | Product | Version | Range |
|---|---|---|---|
| cisco | ucs_central_software | 1.0(1a) | any |
| cisco | ucs_central_software | 1.1(1a) | any |
| cisco | ucs_central_software | 1.1(1b) | any |
| cisco | ucs_central_software | 1.1(2a) | any |
| cisco | ucs_central_software | 1.2(1a) | any |
| cisco | ucs_central_software | 1.2(1d) | any |
| cisco | ucs_central_software | 1.2(1e) | any |
| cisco | ucs_central_software | 1.2(1f) | any |
| cisco | ucs_central_software | 1.3(1a) | any |
| cisco | ucs_central_software | 1.3(1b) | any |
| cisco | ucs_central_software | 1.3(1c) | any |
| cisco | ucs_central_software | 1.4(1a) | any |
| cisco | ucs_central_software | 1.4(1b) | any |
| cisco | ucs_central_software | 1.4(1c) | any |
| cisco | ucs_central_software | 1.5(1a) | any |
| cisco | ucs_central_software | 1.5(1b) | any |
| cisco | ucs_central_software | 1.5(1c) | any |
| cisco | ucs_central_software | 2.0(1a) | any |
| cisco | ucs_central_software | 2.0(1b) | any |
| cisco | ucs_central_software | 2.0(1c) | any |
| cisco | ucs_central_software | 2.0(1d) | any |
| cisco | ucs_central_software | 2.0(1e) | any |
| cisco | ucs_central_software | 2.0(1f) | any |
| cisco | ucs_central_software | 2.0(1g) | any |
| cisco | ucs_central_software | 2.0(1h) | any |
| cisco | ucs_central_software | 2.0(1i) | any |
| cisco | ucs_central_software | 2.0(1j) | any |
| cisco | ucs_central_software | 2.0(1k) | any |
| cisco | ucs_central_software | 2.0(1l) | any |
| cisco | ucs_central_software | 2.0(1m) | any |
| cisco | ucs_central_software | 2.0(1n) | any |
| cisco | ucs_central_software | 2.0(1o) | any |
| cisco | ucs_central_software | 2.0(1p) | any |
| cisco | ucs_central_software | 2.0(1q) | any |
| cisco | ucs_central_software | 2.0(1r) | any |
| cisco | ucs_central_software | 2.0(1s) | any |
| cisco | ucs_central_software | 2.0(1t) | any |
| cisco | ucs_central_software | 2.0(1u) | any |

References 1

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsc-bkpsky-TgJ5f73J
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.