Sign-up

ID

VAR-202004-1248


CVE

CVE-2020-3248


TITLE

Cisco UCS Director and UCS Director Express for Big Data Past Traversal Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004581

DESCRIPTION

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. (DoS) It may be put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the saveStaticConfig method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of root. Cisco UCS Director is a heterogeneous platform for Private Cloud Infrastructure as a Service (IaaS)

Trust: 2.34

sources: NVD: CVE-2020-3248 // JVNDB: JVNDB-2020-004581 // ZDI: ZDI-20-543 // VULHUB: VHN-181373

AFFECTED PRODUCTS

vendor:ciscomodel:ucs directorscope: - version: -

Trust: 1.5

vendor:ciscomodel:ucs directorscope:eqversion:6.7.1.0

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.7.2.0

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.0.1.1

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.0.0.0

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.5.0.2

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.0.1.2

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.5.0.1

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.0.1.0

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.6.1.0

Trust: 1.0

vendor:ciscomodel:ucs director express for big datascope:lteversion:3.7.3.0

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.0.0.1

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.6.2.0

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.0.1.3

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.6.0.0

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.5.0.0

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.5.0.4

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.7.3.0

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.7.0.0

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.5.0.3

Trust: 1.0

vendor:ciscomodel:ucs director express for big datascope: - version: -

Trust: 0.8

sources: ZDI: ZDI-20-543 // JVNDB: JVNDB-2020-004581 // NVD: CVE-2020-3248

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3248
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3248
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-004581
value: CRITICAL

Trust: 0.8

ZDI: CVE-2020-3248
value: CRITICAL

Trust: 0.7

CNNVD: CNNVD-202004-1112
value: CRITICAL

Trust: 0.6

VULHUB: VHN-181373
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3248
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004581
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181373
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3248
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3248
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-004581
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-3248
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-543 // VULHUB: VHN-181373 // JVNDB: JVNDB-2020-004581 // CNNVD: CNNVD-202004-1112 // NVD: CVE-2020-3248 // NVD: CVE-2020-3248

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

problemtype:CWE-20

Trust: 1.0

sources: VULHUB: VHN-181373 // JVNDB: JVNDB-2020-004581 // NVD: CVE-2020-3248

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1112

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202004-1112

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-004581

PATCH
title:cisco-sa-ucsd-mult-vulns-UNfpdW4Eurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E
Trust: 1.5
title:Cisco UCS Director  and Cisco UCS Director Express for Big Data Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116013
Trust: 0.6
sources:
            
            
            ZDI: ZDI-20-543 // 
            
            
            
            JVNDB: JVNDB-2020-004581 // 
            
            
            
            CNNVD: CNNVD-202004-1112

EXTERNAL IDS
db:NVDid:CVE-2020-3248
Trust: 3.2
db:ZDIid:ZDI-20-543
Trust: 2.4
db:JVNDBid:JVNDB-2020-004581
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-9596
Trust: 0.7
db:CNNVDid:CNNVD-202004-1112
Trust: 0.7
db:AUSCERTid:ESB-2020.1327.2
Trust: 0.6
db:AUSCERTid:ESB-2020.1327
Trust: 0.6
db:CNVDid:CNVD-2020-25349
Trust: 0.1
db:VULHUBid:VHN-181373
Trust: 0.1
sources:
            
            
            ZDI: ZDI-20-543 // 
            
            
            
            VULHUB: VHN-181373 // 
            
            
            
            JVNDB: JVNDB-2020-004581 // 
            
            
            
            CNNVD: CNNVD-202004-1112 // 
            
            
            
            NVD: CVE-2020-3248

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ucsd-mult-vulns-unfpdw4e
Trust: 2.4
url:https://www.zerodayinitiative.com/advisories/zdi-20-543/
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-3248
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3248
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1327/
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-ucs-director-multiple-vulnerabilities-via-rest-api-32042
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1327.2/
Trust: 0.6
sources:
            
            
            ZDI: ZDI-20-543 // 
            
            
            
            VULHUB: VHN-181373 // 
            
            
            
            JVNDB: JVNDB-2020-004581 // 
            
            
            
            CNNVD: CNNVD-202004-1112 // 
            
            
            
            NVD: CVE-2020-3248

CREDITS
Steven Seeley (mr_me) of Source Incite
Trust: 0.7
sources:
            
            
            ZDI: ZDI-20-543

SOURCES
db:ZDIid:ZDI-20-543
db:VULHUBid:VHN-181373
db:JVNDBid:JVNDB-2020-004581
db:CNNVDid:CNNVD-202004-1112
db:NVDid:CVE-2020-3248

LAST UPDATE DATE
2024-11-23T21:51:31.074000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-20-543date:2020-04-16T00:00:00
db:VULHUBid:VHN-181373date:2020-04-23T00:00:00
db:JVNDBid:JVNDB-2020-004581date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1112date:2020-04-21T00:00:00
db:NVDid:CVE-2020-3248date:2024-11-21T05:30:39.183

SOURCES RELEASE DATE
db:ZDIid:ZDI-20-543date:2020-04-16T00:00:00
db:VULHUBid:VHN-181373date:2020-04-15T00:00:00
db:JVNDBid:JVNDB-2020-004581date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1112date:2020-04-15T00:00:00
db:NVDid:CVE-2020-3248date:2020-04-15T21:15:35.653