CVE-2020-3371

A vulnerability in the web UI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying operating system level. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary commands at the underlying operating system level.

Data: Cisco advisories 1 day ago · Cisco CSAF 4 hours ago · NVD CVEs 7 hours ago · NVD CPEs 1 day ago · CISA KEV 1 day ago · EPSS 1 day ago

Severity	MEDIUM
CVSS	6.3
EPSS	1.91% EPSS medium
CWE	CWE-78
KEV
Published	5 years ago
Modified	1 year ago

Products with public affected evidence

Product	Advisory	Affected evidence
Cisco Unified Computing System (Standalone)	cisco-sa-CIMC-CIV-pKDBe9x5	structured affected CSAF product_status
Cisco Unified Computing System E-Series Software (UCSE)	cisco-sa-CIMC-CIV-pKDBe9x5	structured affected CSAF product_status