CVE-2020-3329

CWE-284 — Improper Access Control4 documents4 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 66.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Integrated Management Controller Supervisor Cisco UCS Director Cisco UCS Director Express FOR BIG Data +1 more

Timeline

PublishedMay 6

Latest updateMay 24

Description

A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. The vulnerability is due to incorrect allocation of the enable/disable action button under the role-based access control code on an affected system. An attacker could exploit this vulnerability by authenticating as a read-only u…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶NVDcisco/integrated_management_controller_supervisor1.1.0.0 — 2.2.1.3

▶NVDcisco/ucs_director_express2.0.0.0 — 3.7.4.0

▶NVDcisco/ucs_director5.4.0.0 — 6.7.4.0

▶CVEListV5cisco/cisco_ucs_directorn/a

🔴Vulnerability Details

GHSA

GHSA-r92q-j6h7-wh5j: A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Ex↗2022-05-24

▶

CVEList

Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Role-Based Access Control Vulnerability↗2020-05-06

▶

📋Vendor Advisories

Cisco

Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Role-Based Access Control Vulnerability↗2020-05-06

▶