CVE-2020-3242Sensitive Information Exposure in Cisco UCS Director

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
4.9MEDIUMNVD
EPSS
0.3%
top 50.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco UCS DirectorCisco Unified Computing System
Timeline
PublishedJun 18
Latest updateMay 24

Description

A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. The vulnerability exists because confidential information is returned as part of an API response. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to obtain the API key of another user, which would allow the attacker to impers

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

NVDcisco/ucs_director< 6.7.4.0

🔴Vulnerability Details

2
GHSA
GHSA-fvf6-hc8j-mrrw: A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confident2022-05-24
CVEList
Cisco UCS Director Information Disclosure Vulnerability2020-06-18

📋Vendor Advisories

1
Cisco
Cisco UCS Director Information Disclosure Vulnerability2020-06-17