CVE-2014-0709

critical

Published 2014-02-22 · Modified 2026-04-29

CVSS v3

—

CVSS v2

9.3

VIR risk

9.3

Description

Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd

Application impact

Vendor	Product	Versions
cisco	ucs_director	`{"endIncluding":"4.0.0.2"}`
cisco	ucs_director	`4.0.0.0`
cisco	ucs_director	`4.0.0.1`

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd

CWEs

CWE-255

Verify integrity in audit chain (admin only). AS-IS.