Lucene search

[email protected]CVE-2020-3240

HistoryApr 15, 2020 - 9:15 p.m.

CVE-2020-3240

2020-04-1521:15:00

CWE-20

[email protected]

web.nvd.nist.gov

cisco

ucs director

ucs director express

big data

rest api

vulnerabilities

authentication bypass

directory traversal

remote attack

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.112 Low

EPSS

Percentile

95.1%

JSON

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CPENameOperatorVersion
cisco:ucs_directorcisco ucs directoreq6.0.0.0
cisco:ucs_directorcisco ucs directoreq6.5.0.0
cisco:ucs_directorcisco ucs directoreq6.6.0.0
cisco:ucs_directorcisco ucs directoreq6.6.1.0
cisco:ucs_directorcisco ucs directoreq6.7.0.0
cisco:ucs_directorcisco ucs directoreq6.7.1.0
cisco:ucs_directorcisco ucs directoreq6.0.0.1
cisco:ucs_directorcisco ucs directoreq6.0.1.0
cisco:ucs_directorcisco ucs directoreq6.0.1.1
cisco:ucs_directorcisco ucs directoreq6.0.1.2

CPE	Name	Operator	Version
cisco:ucs_director	cisco ucs director	eq	6.0.0.0
cisco:ucs_director	cisco ucs director	eq	6.5.0.0
cisco:ucs_director	cisco ucs director	eq	6.6.0.0
cisco:ucs_director	cisco ucs director	eq	6.6.1.0
cisco:ucs_director	cisco ucs director	eq	6.7.0.0
cisco:ucs_director	cisco ucs director	eq	6.7.1.0
cisco:ucs_director	cisco ucs director	eq	6.0.0.1
cisco:ucs_director	cisco ucs director	eq	6.0.1.0
cisco:ucs_director	cisco ucs director	eq	6.0.1.1
cisco:ucs_director	cisco ucs director	eq	6.0.1.2

Rows per page:

1-10 of 191

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E

www.zerodayinitiative.com/advisories/ZDI-20-542/

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.112 Low

EPSS

Percentile

95.1%

JSON

Related for CVE-2020-3240

prion1 zdi1 checkpoint_advisories1 nessus1 cisco1 threatpost1