Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data

cisco-sa-ucsd-mult-vulns-UNfpdW4E · Critical · Published · Updated

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E


Workarounds

There are no workarounds that address these vulnerabilities.

CVEs: CVE-2020-3239, CVE-2020-3240, CVE-2020-3243, CVE-2020-3247, CVE-2020-3248, CVE-2020-3249, CVE-2020-3250, CVE-2020-3251, CVE-2020-3252
Cisco Bug IDs: CSCvs53496, CSCvt39580, CSCvs56400, CSCvt39535, CSCvs69171, CSCvt39489, CSCvs56401, CSCvt39526, CSCvs53502, CSCvt39565, CSCvs69022, CSCvs53500, CSCvt39561, CSCvs56399, CSCvt39555, CSCvs53493, CSCvt39575
CVSS Score: Base 9.8
Base 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Base 8.1 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:X/RL:X/RC:X
Base 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X
Base 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Base 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:X/RL:X/RC:X
Product Names From Source: Cisco UCS Director, Cisco Unified Computing System Director Express for Big Data

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco Unified Computing System Director Express for Big Data | CVE-2020-3252 | Cisco OpenVuln |
| Cisco Unified Computing System Director Express for Big Data | CVE-2020-3251 | Cisco OpenVuln |
| Cisco Unified Computing System Director Express for Big Data | CVE-2020-3250 | Cisco OpenVuln |
| Cisco Unified Computing System Director Express for Big Data | CVE-2020-3249 | Cisco OpenVuln |
| Cisco Unified Computing System Director Express for Big Data | CVE-2020-3248 | Cisco OpenVuln |
| Cisco Unified Computing System Director Express for Big Data | CVE-2020-3247 | Cisco OpenVuln |
| Cisco Unified Computing System Director Express for Big Data | CVE-2020-3243 | Cisco OpenVuln |
| Cisco Unified Computing System Director Express for Big Data | CVE-2020-3240 | Cisco OpenVuln |
| Cisco Unified Computing System Director Express for Big Data | CVE-2020-3239 | Cisco OpenVuln |
| Cisco UCS Director | CVE-2020-3252 | Cisco OpenVuln |
| Cisco UCS Director | CVE-2020-3251 | Cisco OpenVuln |
| Cisco UCS Director | CVE-2020-3250 | Cisco OpenVuln |
| Cisco UCS Director | CVE-2020-3249 | Cisco OpenVuln |
| Cisco UCS Director | CVE-2020-3248 | Cisco OpenVuln |
| Cisco UCS Director | CVE-2020-3247 | Cisco OpenVuln |
| Cisco UCS Director | CVE-2020-3243 | Cisco OpenVuln |
| Cisco UCS Director | CVE-2020-3240 | Cisco OpenVuln |
| Cisco UCS Director | CVE-2020-3239 | Cisco OpenVuln |