ID

VAR-202004-1247


CVE

CVE-2020-3247


TITLE

Path Traversal Vulnerability in Cisco UCS Director and Cisco UCS Director Express for Big Data

Trust: 0.8

sources: JVNDB: JVNDB-2020-004412

DESCRIPTION

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. The affected device may be put into a denial-of-service (DoS) state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of tar files by the LargeFileUploadServlet endpoint. The issue results from the lack of proper validation of a user-supplied UNIX symbolic link prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the tomcat service. Cisco UCS Director is a heterogeneous platform for Private Cloud Infrastructure as a Service (IaaS).

Trust: 2.34

sources: NVD: CVE-2020-3247 // JVNDB: JVNDB-2020-004412 // ZDI: ZDI-20-541 // VULHUB: VHN-181372

AFFECTED PRODUCTS

vendor: cisco, model: ucs director, scope: -, version: -

Trust: 1.5

vendor: cisco, model: ucs director, scope: eq, version: 6.7.1.0

Trust: 1.0

vendor: cisco, model: ucs director, scope: eq, version: 6.7.2.0

Trust: 1.0

vendor: cisco, model: ucs director, scope: eq, version: 6.0.1.1

Trust: 1.0

vendor: cisco, model: ucs director, scope: eq, version: 6.0.0.0

Trust: 1.0

vendor: cisco, model: ucs director, scope: eq, version: 6.5.0.2

Trust: 1.0

vendor: cisco, model: ucs director, scope: eq, version: 6.0.1.2

Trust: 1.0

vendor: cisco, model: ucs director, scope: eq, version: 6.5.0.1

Trust: 1.0

vendor: cisco, model: ucs director, scope: eq, version: 6.0.1.0

Trust: 1.0

vendor: cisco, model: ucs director, scope: eq, version: 6.6.1.0

Trust: 1.0

vendor: cisco, model: ucs director express for big data, scope: lte, version: 3.7.3.0

Trust: 1.0

vendor: cisco, model: ucs director, scope: eq, version: 6.0.0.1

Trust: 1.0

vendor: cisco, model: ucs director, scope: eq, version: 6.6.2.0

Trust: 1.0

vendor: cisco, model: ucs director, scope: eq, version: 6.0.1.3

Trust: 1.0

vendor: cisco, model: ucs director, scope: eq, version: 6.6.0.0

Trust: 1.0

vendor: cisco, model: ucs director, scope: eq, version: 6.5.0.0

Trust: 1.0

vendor: cisco, model: ucs director, scope: eq, version: 6.5.0.4

Trust: 1.0

vendor: cisco, model: ucs director, scope: eq, version: 6.7.3.0

Trust: 1.0

vendor: cisco, model: ucs director, scope: eq, version: 6.7.0.0

Trust: 1.0

vendor: cisco, model: ucs director, scope: eq, version: 6.5.0.3

Trust: 1.0

vendor: cisco, model: ucs director express for big data, scope: -, version: -

Trust: 0.8

sources: ZDI: ZDI-20-541 // JVNDB: JVNDB-2020-004412 // NVD: CVE-2020-3247

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3247
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3247
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-004412
value: CRITICAL

Trust: 0.8

ZDI: CVE-2020-3247
value: CRITICAL

Trust: 0.7

CNNVD: CNNVD-202004-1111
value: CRITICAL

Trust: 0.6

VULHUB: VHN-181372
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3247
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004412
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181372
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3247
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3247
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-004412
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-3247
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-541 // VULHUB: VHN-181372 // JVNDB: JVNDB-2020-004412 // CNNVD: CNNVD-202004-1111 // NVD: CVE-2020-3247 // NVD: CVE-2020-3247

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

problemtype:CWE-20

Trust: 1.0

sources: VULHUB: VHN-181372 // JVNDB: JVNDB-2020-004412 // NVD: CVE-2020-3247

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1111

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202004-1111

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004412

PATCH

title: cisco-sa-ucsd-mult-vulns-UNfpdW4E
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E

Trust: 1.5

title: Cisco UCS Director and Cisco UCS Director Express for Big Data Repair measures for path traversal vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116012

Trust: 0.6

sources: ZDI: ZDI-20-541 // JVNDB: JVNDB-2020-004412 // CNNVD: CNNVD-202004-1111

EXTERNAL IDS

db: NVD, id: CVE-2020-3247

Trust: 3.2

db: ZDI, id: ZDI-20-541

Trust: 2.4

db: JVNDB, id: JVNDB-2020-004412

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-9593

Trust: 0.7

db: CNNVD, id: CNNVD-202004-1111

Trust: 0.7

db: AUSCERT, id: ESB-2020.1327.2

Trust: 0.6

db: AUSCERT, id: ESB-2020.1327

Trust: 0.6

db: CNVD, id: CNVD-2020-25348

Trust: 0.1

db: VULHUB, id: VHN-181372

Trust: 0.1

sources: ZDI: ZDI-20-541 // VULHUB: VHN-181372 // JVNDB: JVNDB-2020-004412 // CNNVD: CNNVD-202004-1111 // NVD: CVE-2020-3247

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ucsd-mult-vulns-unfpdw4e

Trust: 3.0

url:https://www.zerodayinitiative.com/advisories/zdi-20-541/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3247

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3247

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1327/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ucs-director-multiple-vulnerabilities-via-rest-api-32042

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1327.2/

Trust: 0.6

sources: ZDI: ZDI-20-541 // VULHUB: VHN-181372 // JVNDB: JVNDB-2020-004412 // CNNVD: CNNVD-202004-1111 // NVD: CVE-2020-3247

CREDITS

Steven Seeley (mr_me) of Source Incite

Trust: 0.7

sources: ZDI: ZDI-20-541

SOURCES

db: ZDI, id: ZDI-20-541
db: VULHUB, id: VHN-181372
db: JVNDB, id: JVNDB-2020-004412
db: CNNVD, id: CNNVD-202004-1111
db: NVD, id: CVE-2020-3247

LAST UPDATE DATE

2024-11-23T21:51:34.715000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-20-541, date: 2020-04-16T00:00:00
db: VULHUB, id: VHN-181372, date: 2020-04-21T00:00:00
db: JVNDB, id: JVNDB-2020-004412, date: 2020-05-14T00:00:00
db: CNNVD, id: CNNVD-202004-1111, date: 2020-04-26T00:00:00
db: NVD, id: CVE-2020-3247, date: 2024-11-21T05:30:39.070

SOURCES RELEASE DATE

db: ZDI, id: ZDI-20-541, date: 2020-04-16T00:00:00
db: VULHUB, id: VHN-181372, date: 2020-04-15T00:00:00
db: JVNDB, id: JVNDB-2020-004412, date: 2020-05-14T00:00:00
db: CNNVD, id: CNNVD-202004-1111, date: 2020-04-15T00:00:00
db: NVD, id: CVE-2020-3247, date: 2020-04-15T21:15:35.590