Sign-up

ID

VAR-202004-1249


CVE

CVE-2020-3249


TITLE

Cisco UCS Director and UCS Director Express Past Traversal Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004582

DESCRIPTION

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco UCS Director and UCS Director Express Exists in a past traversal vulnerability.Service operation interruption (DoS) It may be put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the saveWindowsNetworkConfig method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Cisco UCS Director is a heterogeneous platform for Private Cloud Infrastructure as a Service (IaaS). Cisco UCS Director Express for Big Data is a unified infrastructure management platform for big data clusters. A remote attacker could exploit this vulnerability by sending a specially crafted request to the REST API to cause a denial of service

Trust: 2.34

sources: NVD: CVE-2020-3249 // JVNDB: JVNDB-2020-004582 // ZDI: ZDI-20-544 // VULHUB: VHN-181374

AFFECTED PRODUCTS

vendor:ciscomodel:ucs directorscope: - version: -

Trust: 1.5

vendor:ciscomodel:ucs directorscope:eqversion:6.7.1.0

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.7.2.0

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.0.1.1

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.0.0.0

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.5.0.2

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.0.1.2

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.5.0.1

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.0.1.0

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.6.1.0

Trust: 1.0

vendor:ciscomodel:ucs director express for big datascope:lteversion:3.7.3.0

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.0.0.1

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.6.2.0

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.0.1.3

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.6.0.0

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.5.0.0

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.5.0.4

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.7.3.0

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.7.0.0

Trust: 1.0

vendor:ciscomodel:ucs directorscope:eqversion:6.5.0.3

Trust: 1.0

vendor:ciscomodel:ucs director express for big datascope: - version: -

Trust: 0.8

sources: ZDI: ZDI-20-544 // JVNDB: JVNDB-2020-004582 // NVD: CVE-2020-3249

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3249
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3249
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-004582
value: HIGH

Trust: 0.8

ZDI: CVE-2020-3249
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202004-1110
value: HIGH

Trust: 0.6

VULHUB: VHN-181374
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3249
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004582
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181374
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3249
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3249
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-004582
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-3249
baseSeverity: HIGH
baseScore: 8.2
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.2
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-544 // VULHUB: VHN-181374 // JVNDB: JVNDB-2020-004582 // CNNVD: CNNVD-202004-1110 // NVD: CVE-2020-3249 // NVD: CVE-2020-3249

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

problemtype:CWE-20

Trust: 1.0

sources: VULHUB: VHN-181374 // JVNDB: JVNDB-2020-004582 // NVD: CVE-2020-3249

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1110

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202004-1110

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-004582

PATCH
title:cisco-sa-ucsd-mult-vulns-UNfpdW4Eurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E
Trust: 1.5
title:Cisco UCS Director  and Cisco UCS Director Express for Big Data Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116011
Trust: 0.6
sources:
            
            
            ZDI: ZDI-20-544 // 
            
            
            
            JVNDB: JVNDB-2020-004582 // 
            
            
            
            CNNVD: CNNVD-202004-1110

EXTERNAL IDS
db:NVDid:CVE-2020-3249
Trust: 3.2
db:ZDIid:ZDI-20-544
Trust: 2.4
db:JVNDBid:JVNDB-2020-004582
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-9604
Trust: 0.7
db:CNNVDid:CNNVD-202004-1110
Trust: 0.7
db:AUSCERTid:ESB-2020.1327.2
Trust: 0.6
db:AUSCERTid:ESB-2020.1327
Trust: 0.6
db:CNVDid:CNVD-2020-25350
Trust: 0.1
db:VULHUBid:VHN-181374
Trust: 0.1
sources:
            
            
            ZDI: ZDI-20-544 // 
            
            
            
            VULHUB: VHN-181374 // 
            
            
            
            JVNDB: JVNDB-2020-004582 // 
            
            
            
            CNNVD: CNNVD-202004-1110 // 
            
            
            
            NVD: CVE-2020-3249

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ucsd-mult-vulns-unfpdw4e
Trust: 2.4
url:https://www.zerodayinitiative.com/advisories/zdi-20-544/
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-3249
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3249
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1327/
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-ucs-director-multiple-vulnerabilities-via-rest-api-32042
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1327.2/
Trust: 0.6
sources:
            
            
            ZDI: ZDI-20-544 // 
            
            
            
            VULHUB: VHN-181374 // 
            
            
            
            JVNDB: JVNDB-2020-004582 // 
            
            
            
            CNNVD: CNNVD-202004-1110 // 
            
            
            
            NVD: CVE-2020-3249

CREDITS
Steven Seeley (mr_me) of Source Incite
Trust: 0.7
sources:
            
            
            ZDI: ZDI-20-544

SOURCES
db:ZDIid:ZDI-20-544
db:VULHUBid:VHN-181374
db:JVNDBid:JVNDB-2020-004582
db:CNNVDid:CNNVD-202004-1110
db:NVDid:CVE-2020-3249

LAST UPDATE DATE
2024-11-23T21:51:34.643000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-20-544date:2020-04-16T00:00:00
db:VULHUBid:VHN-181374date:2020-04-23T00:00:00
db:JVNDBid:JVNDB-2020-004582date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1110date:2020-04-21T00:00:00
db:NVDid:CVE-2020-3249date:2024-11-21T05:30:39.300

SOURCES RELEASE DATE
db:ZDIid:ZDI-20-544date:2020-04-16T00:00:00
db:VULHUBid:VHN-181374date:2020-04-15T00:00:00
db:JVNDBid:JVNDB-2020-004582date:2020-05-21T00:00:00
db:CNNVDid:CNNVD-202004-1110date:2020-04-15T00:00:00
db:NVDid:CVE-2020-3249date:2020-04-15T21:15:35.717