CVE-2020-3243
Published 2020-04-15
Priority: P185 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 88.37% (99.8th percentile)
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_ucs_director | — | — |
| cisco | ucs_director | — | — |
| cisco | ucs_director | — | — |
| cisco | ucs_director | — | — |
| cisco | ucs_director | — | — |
| cisco | ucs_director | — | — |
| cisco | ucs_director | — | — |
| cisco | ucs_director | — | — |
| cisco | ucs_director | — | — |
| cisco | ucs_director | — | — |
| cisco | ucs_director | — | — |
| cisco | ucs_director | — | — |
| cisco | ucs_director | — | — |
| cisco | ucs_director | — | — |
| cisco | ucs_director | — | — |
| cisco | ucs_director | — | — |
| cisco | ucs_director | — | — |
| cisco | ucs_director | — | — |
| cisco | ucs_director | — | — |
| cisco | ucs_director_and_cisco_ucs_director_express_for_big_data | — | — |
| cisco | ucs_director_express_for_big_data | <= 3.7.3.0 | — |
Detection & IOCs (extracted from sources)
- Monitor REST API endpoints on Cisco UCS Director for unauthenticated or anomalous requests that include directory traversal sequences (e.g., '../') in path parameters, which may indicate exploitation of CVE-2020-3243.
- Alert on REST API requests that successfully retrieve or leak the administrator's API key without prior authenticated session establishment, as this is the primary authentication bypass primitive used in exploitation.
- Flag use of the LEAK_FILE option pattern: requests attempting to read arbitrary absolute paths via the REST API directory traversal, which can be used to exfiltrate sensitive files beyond just the API key.
- Exploitation has been confirmed on Cisco UCS Director versions below 6.7.4.0; the VMware distribution of 6.7.3.0 was specifically tested. Ensure version checks in detections account for this range.
- If an attacker already possesses a valid API key, the authentication bypass step is unnecessary. Detections should not rely solely on observing the bypass phase; monitor for suspicious Cloupia script execution regardless of how the API key was obtained.
CVSS provenance
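| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_cisco | — | 9.8 | CRITICAL | — |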
GHSA
GHSA-3p24-qq22-3v59: Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authe
ghsa_unreviewed·2022-05-24
CVE-2020-3243 [HIGH] GHSA-3p24-qq22-3v59: Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authe
Cisco
Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
vendor_cisco·2020-04-15·CVSS 9.8
CVE-2020-3239 [CRITICAL] CWE-20 Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.
For more information about these vulnerabilities, see the Details section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E
Cisco
Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
vendor_cisco·CVSS 3.0
CVE-2020-3243 Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the
CVSS: 3.0
CWE: CWE-20, CWE-22, CWE-264
Bug IDs: CSCvs53493, CSCvs53496, CSCvs53500
- http://packetstormsecurity.com/files/157955/Cisco-UCS-Director-Cloupia-Script-Remote-Code-Execution.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E
- https://www.zerodayinitiative.com/advisories/ZDI-20-540/
Published: 2020-04-15