Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Role-Based Access Control Vulnerability

cisco-sa-ucsd-Ar6BAguz · Medium · Published · Updated

A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. The vulnerability is due to incorrect allocation of the enable/disable action button under the role-based access control code on an affected system. An attacker could exploit this vulnerability by authenticating as a read-only user and then updating the roles of other users to disable them. A successful exploit could allow the attacker to disable users, including administrative users. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-Ar6BAguz


Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2020-3329
Cisco Bug IDs: CSCvs35506, CSCvs35510, CSCvs11314
CVSS Score: Base 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X)
Product Names From Source: Cisco UCS Director, Cisco Integrated Management Controller (IMC) Supervisor, Cisco Unified Computing System Director Express for Big Data

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco Unified Computing System Director Express for Big Data | CVE-2020-3329 | Cisco OpenVuln |
| Cisco UCS Director | CVE-2020-3329 | Cisco OpenVuln |
| Cisco Integrated Management Controller (IMC) Supervisor | CVE-2020-3329 | Cisco OpenVuln |