CVE-2015-4259

The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug IDs CSCum56133 and CSCum56177.

Published: Jul 10, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-4259
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
cisco / unified_computing_system	1.6(0.16)	1.6(0.16).x
cisco / unified_computing_system	1.5(3)	1.5(3).x

http://tools.cisco.com/security/center/viewAlert.x?alertId=39803
http://www.securitytracker.com/id/1032872

Vulnerability Database

289,599

CVE-2015-4259