CVE-2020-3249

CWE-20 — Improper Input Validation CWE-22 — Path Traversal CWE-2644 documents4 sources

Severity

7.5HIGH

EPSS

26.2%

top 3.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco UCS Director Express FOR BIG Data Cisco Cisco UCS Director Cisco UCS Director

Timeline

PublishedApr 15

Latest updateMay 24

Description

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDcisco/ucs_director_express3.7.3.0

▶NVDcisco/ucs_director18 versions+17

▶CVEListV5cisco/cisco_ucs_directorn/a

🔴Vulnerability Details

GHSA

GHSA-m265-9cv9-6vq9: Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authe↗2022-05-24

▶

CVEList

Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data↗2020-04-15

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data↗2020-04-15

▶