Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability

A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. The vulnerability is due to the presence of a documented default account with an undocumented default password and incorrect permission settings for that account. Changing the default password for this account is not enforced during the installation of the product. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the scpuser account. This includes full read and write access to the system's database.

N/A

使用硬编码的凭证

Cisco Integrated Management Controller Supervisor、Cisco UCS Director和Cisco UCS Director Express for Big Data 信任管理问题漏洞

Cisco Integrated Management Controller (IMC) Supervisor等都是美国思科（Cisco）公司的产品。Cisco Integrated Management Controller (IMC) Supervisor是一套机架式服务器集中管理系统。Cisco UCS Director是一套私有云基础架构即服务（IaaS）的异构平台。Cisco UCS Director Express for Big Data是一套针对大数据集群的基础架构统一管理平台。 Cisc

N/A

N/A