CyberSec.Space Logo
Back to CVE Browser

CVE-2020-3243

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1760%
EPSS Percentile35.56th
PublishedApr 15, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Affected Platforms (CPE)

πŸ“¦
Cisco

Ucs Director

= 6.0.0.0
πŸ“¦
Cisco

Ucs Director

= 6.0.0.1
πŸ“¦
Cisco

Ucs Director

= 6.0.1.0
πŸ“¦
Cisco

Ucs Director

= 6.0.1.1
πŸ“¦
Cisco

Ucs Director

= 6.0.1.2
πŸ“¦
Cisco

Ucs Director

= 6.0.1.3
πŸ“¦
Cisco

Ucs Director

= 6.5.0.0
πŸ“¦
Cisco

Ucs Director

= 6.5.0.1
πŸ“¦
Cisco

Ucs Director

= 6.5.0.2
πŸ“¦
Cisco

Ucs Director

= 6.5.0.3
πŸ“¦
Cisco

Ucs Director

= 6.5.0.4
πŸ“¦
Cisco

Ucs Director

= 6.6.0.0
πŸ“¦
Cisco

Ucs Director

= 6.6.1.0
πŸ“¦
Cisco

Ucs Director

= 6.6.2.0
πŸ“¦
Cisco

Ucs Director

= 6.7.0.0
πŸ“¦
Cisco

Ucs Director

= 6.7.1.0
πŸ“¦
Cisco

Ucs Director

= 6.7.2.0
πŸ“¦
Cisco

Ucs Director

= 6.7.3.0
πŸ“¦
Cisco

Ucs Director Express For Big Data

<= 3.7.3.0

References & Advisories

πŸ”— http://packetstormsecurity.com/files/157955/Cisco-UCS-Director-Cloupia-Script-Remote-Code-Execution.html
πŸ”— https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E
πŸ”— https://www.zerodayinitiative.com/advisories/ZDI-20-540/
πŸ”— http://packetstormsecurity.com/files/157955/Cisco-UCS-Director-Cloupia-Script-Remote-Code-Execution.html
πŸ”— https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E
πŸ”— https://www.zerodayinitiative.com/advisories/ZDI-20-540/

Related Vulnerabilities

CVE-2018-02389.9

A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow...

CVE-2019-19389.8

A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allo...

CVE-2019-19379.8

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Direct...

CVE-2019-19359.8

A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for...