Details of VAR-202004-1246

ID

VAR-202004-1246

CVE

CVE-2020-3243

TITLE

Cisco UCS Director and UCS Director Express for Big Data Vulnerability related to authority management in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004580

DESCRIPTION

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco UCS Director and UCS Director Express for Big Data Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of the X-Cloupia-Request-Key field in requests. The issue results from the lack of proper validation of the user-supplied field prior to using it in authentication operations. An attacker can leverage this vulnerability to bypass authentication on the system. Cisco UCS Director is a heterogeneous platform for Private Cloud Infrastructure as a Service (IaaS). A remote attacker could exploit this vulnerability by sending specially crafted requests to the REST API to perform arbitrary operations with administrative privileges on the affected device

Trust: 2.34

sources: NVD: CVE-2020-3243 // JVNDB: JVNDB-2020-004580 // ZDI: ZDI-20-540 // VULHUB: VHN-181368

AFFECTED PRODUCTS

vendor:	cisco	model:	ucs director	scope:	-	version:	-	Trust: 1.5
vendor:	cisco	model:	ucs director	scope:	eq	version:	6.7.1.0	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	eq	version:	6.7.2.0	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	eq	version:	6.0.1.1	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	eq	version:	6.0.0.0	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	eq	version:	6.5.0.2	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	eq	version:	6.0.1.2	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	eq	version:	6.5.0.1	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	eq	version:	6.0.1.0	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	eq	version:	6.6.1.0	Trust: 1.0
vendor:	cisco	model:	ucs director express for big data	scope:	lte	version:	3.7.3.0	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	eq	version:	6.0.0.1	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	eq	version:	6.6.2.0	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	eq	version:	6.0.1.3	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	eq	version:	6.6.0.0	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	eq	version:	6.5.0.0	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	eq	version:	6.5.0.4	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	eq	version:	6.7.3.0	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	eq	version:	6.7.0.0	Trust: 1.0
vendor:	cisco	model:	ucs director	scope:	eq	version:	6.5.0.3	Trust: 1.0
vendor:	cisco	model:	ucs director express for big data	scope:	-	version:	-	Trust: 0.8

sources: ZDI: ZDI-20-540 // JVNDB: JVNDB-2020-004580 // NVD: CVE-2020-3243

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3243
value:	CRITICAL
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3243
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-004580
value:	CRITICAL
Trust: 0.8
ZDI:	CVE-2020-3243
value:	CRITICAL
Trust: 0.7
CNNVD:	CNNVD-202004-1109
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-181368
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-3243
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-004580
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-181368
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3243
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3243
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2020-004580
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2020-3243
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-20-540 // VULHUB: VHN-181368 // JVNDB: JVNDB-2020-004580 // CNNVD: CNNVD-202004-1109 // NVD: CVE-2020-3243 // NVD: CVE-2020-3243

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.9
problemtype:	CWE-20	Trust: 1.0

sources: VULHUB: VHN-181368 // JVNDB: JVNDB-2020-004580 // NVD: CVE-2020-3243

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1109

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1109

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004580

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-181368

PATCH

title:	cisco-sa-ucsd-mult-vulns-UNfpdW4E	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E	Trust: 1.5
title:	Cisco UCS Director and Cisco UCS Director Express for Big Data Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116010	Trust: 0.6

sources: ZDI: ZDI-20-540 // JVNDB: JVNDB-2020-004580 // CNNVD: CNNVD-202004-1109

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3243	Trust: 3.2
db:	ZDI	id:	ZDI-20-540	Trust: 2.4
db:	PACKETSTORM	id:	157955	Trust: 1.7
db:	JVNDB	id:	JVNDB-2020-004580	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-9559	Trust: 0.7
db:	CNNVD	id:	CNNVD-202004-1109	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1327	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1327.2	Trust: 0.6
db:	CNVD	id:	CNVD-2020-25347	Trust: 0.1
db:	VULHUB	id:	VHN-181368	Trust: 0.1

sources: ZDI: ZDI-20-540 // VULHUB: VHN-181368 // JVNDB: JVNDB-2020-004580 // CNNVD: CNNVD-202004-1109 // NVD: CVE-2020-3243

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ucsd-mult-vulns-unfpdw4e	Trust: 3.0
url:	http://packetstormsecurity.com/files/157955/cisco-ucs-director-cloupia-script-remote-code-execution.html	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-20-540/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3243	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3243	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.1327/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-ucs-director-multiple-vulnerabilities-via-rest-api-32042	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1327.2/	Trust: 0.6

sources: ZDI: ZDI-20-540 // VULHUB: VHN-181368 // JVNDB: JVNDB-2020-004580 // CNNVD: CNNVD-202004-1109 // NVD: CVE-2020-3243

CREDITS

Steven Seeley (mr_me) of Source Incite

Trust: 0.7

sources: ZDI: ZDI-20-540

SOURCES

db:	ZDI	id:	ZDI-20-540
db:	VULHUB	id:	VHN-181368
db:	JVNDB	id:	JVNDB-2020-004580
db:	CNNVD	id:	CNNVD-202004-1109
db:	NVD	id:	CVE-2020-3243

LAST UPDATE DATE

2024-11-23T21:51:34.681000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-540	date:	2020-04-16T00:00:00
db:	VULHUB	id:	VHN-181368	date:	2020-06-05T00:00:00
db:	JVNDB	id:	JVNDB-2020-004580	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1109	date:	2020-06-08T00:00:00
db:	NVD	id:	CVE-2020-3243	date:	2024-11-21T05:30:38.597

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-20-540	date:	2020-04-16T00:00:00
db:	VULHUB	id:	VHN-181368	date:	2020-04-15T00:00:00
db:	JVNDB	id:	JVNDB-2020-004580	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202004-1109	date:	2020-04-15T00:00:00
db:	NVD	id:	CVE-2020-3243	date:	2020-04-15T21:15:35.527