CVE-2020-3241 — Path Traversal in Cisco UCS Director

CWE-22 — Path Traversal4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.5%

top 34.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco UCS Director Cisco Unified Computing System

Timeline

PublishedJun 18

Latest updateMay 24

Description

A vulnerability in the orchestration tasks of Cisco UCS Director could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input on the web-based management interface. An attacker could exploit this vulnerability by creating a task with specific configuration parameters. A successful exploit could allow the attacker to overwrite arbitrary files in the file system of an affected devi…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 1.2 | Impact: 5.2

Affected Packages2 packages

▶NVDcisco/ucs_director< 6.7.4.0

▶CVEListV5cisco/cisco_unified_computing_systemn/a

🔴Vulnerability Details

GHSA

GHSA-9qfx-7mxj-67c9: A vulnerability in the orchestration tasks of Cisco UCS Director could allow an authenticated, remote attacker to perform a path traversal attack on a↗2022-05-24

▶

CVEList

Cisco UCS Director Path Traversal Vulnerability↗2020-06-18

▶

📋Vendor Advisories

Cisco

Cisco UCS Director Path Traversal Vulnerability↗2020-06-17

▶