CVE-2020-3470

CWE-119Buffer OverflowCWE-20Improper Input Validation4 documents4 sources
Severity
9.8CRITICAL
EPSS
3.2%
top 12.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Enterprise NFV Infrastructure SoftwareCisco Integrated Management ControllerCisco Cisco Unified Computing System (standalone)
Timeline
PublishedNov 18
Latest updateMay 24

Description

Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successfu

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDcisco/integrated_management_controller4.0\(1a\)4.0\(4l\)+5

🔴Vulnerability Details

2
GHSA
GHSA-q622-qgp9-63h7: Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execu2022-05-24
CVEList
Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities2020-11-18

📋Vendor Advisories

1
Cisco
Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities2020-11-18
CVE-2020-3470 (CRITICAL CVSS 9.8) | Multiple vulnerabilities in the API | cvebase.io