ID
VAR-202005-1040
CVE
CVE-2020-3329
TITLE
plural Cisco Product permission management vulnerabilities
Trust: 0.8
sources:
JVNDB: JVNDB-2020-004967
DESCRIPTION
A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. The vulnerability is due to incorrect allocation of the enable/disable action button under the role-based access control code on an affected system. An attacker could exploit this vulnerability by authenticating as a read-only user and then updating the roles of other users to disable them. A successful exploit could allow the attacker to disable users, including administrative users. are all products of Cisco (Cisco). Cisco UCS Director is a heterogeneous platform for Private Cloud Infrastructure as a Service (IaaS). Remote attackers can exploit this vulnerability to perform illegal operations. The following products and versions are affected: IMC Supervisor 1.1.0.0 and later (version 2.2.1.3 is fixed); UCS Director 5.4.0.0 and later (version 6.7.4.0 is fixed); UCS Director Express for Big Data 2.0.0.0 and later versions (fixed in version 3.7.4.0)
Trust: 1.8
sources:
NVD: CVE-2020-3329 //
JVNDB: JVNDB-2020-004967 //
VULHUB: VHN-181454 //
VULMON: CVE-2020-3329
AFFECTED PRODUCTS
| vendor: | cisco | model: | ucs director | scope: | lt | version: | 6.7.4.0 | Trust: 1.0 |
| vendor: | cisco | model: | integrated management controller supervisor | scope: | gte | version: | 1.1.0.0 | Trust: 1.0 |
| vendor: | cisco | model: | ucs director | scope: | gte | version: | 5.4.0.0 | Trust: 1.0 |
| vendor: | cisco | model: | integrated management controller supervisor | scope: | lt | version: | 2.2.1.3 | Trust: 1.0 |
| vendor: | cisco | model: | ucs director express for big data | scope: | lt | version: | 3.7.4.0 | Trust: 1.0 |
| vendor: | cisco | model: | ucs director express for big data | scope: | gte | version: | 2.0.0.0 | Trust: 1.0 |
| vendor: | cisco | model: | integrated management controller supervisor | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | ucs director | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | ucs director express for big data | scope: | - | version: | - | Trust: 0.8 |
| vendor: | cisco | model: | integrated management controller supervisor | scope: | eq | version: | 1.1.0.0 | Trust: 0.1 |
| vendor: | cisco | model: | integrated management controller supervisor | scope: | eq | version: | 2.1(0.0) | Trust: 0.1 |
| vendor: | cisco | model: | integrated management controller supervisor | scope: | eq | version: | 2.1.0.0 | Trust: 0.1 |
| vendor: | cisco | model: | integrated management controller supervisor | scope: | eq | version: | 2.1.0.1 | Trust: 0.1 |
| vendor: | cisco | model: | integrated management controller supervisor | scope: | eq | version: | 2.1.0.2 | Trust: 0.1 |
| vendor: | cisco | model: | integrated management controller supervisor | scope: | eq | version: | 2.2.0.0 | Trust: 0.1 |
| vendor: | cisco | model: | integrated management controller supervisor | scope: | eq | version: | 2.2.0.1 | Trust: 0.1 |
| vendor: | cisco | model: | integrated management controller supervisor | scope: | eq | version: | 2.2.0.2 | Trust: 0.1 |
| vendor: | cisco | model: | integrated management controller supervisor | scope: | eq | version: | 2.2.0.3 | Trust: 0.1 |
| vendor: | cisco | model: | integrated management controller supervisor | scope: | eq | version: | 2.2.0.4 | Trust: 0.1 |
| vendor: | cisco | model: | integrated management controller supervisor | scope: | eq | version: | 2.2.0.5 | Trust: 0.1 |
| vendor: | cisco | model: | integrated management controller supervisor | scope: | eq | version: | 2.2.0.6 | Trust: 0.1 |
| vendor: | cisco | model: | integrated management controller supervisor | scope: | eq | version: | 2.2.1.0 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 5.4.0.0 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 5.4.0.1 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 5.4.0.2 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 5.4.0.3 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 5.4.0.4 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 5.5.0.0 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 5.5.0.1 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 5.5.0.2 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 6.0 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 6.0(1.0) | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 6.0(1.1) | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 6.0(1.2) | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 6.0(1.3) | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 6.5.0.0 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 6.5.0.1 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 6.5.0.2 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 6.5.0.3 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 6.5.0.4 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 6.6 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 6.6(1.0) | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 6.6.0.0 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 6.6.1.0 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 6.6.2.0 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 6.7 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 6.7(1.0) | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 6.7(1.1) | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 6.7(2.0) | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 6.7(2.2.67425) | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 6.7(3.0) | Trust: 0.1 |
| vendor: | cisco | model: | ucs director | scope: | eq | version: | 6.7.3.1 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director express for big data | scope: | eq | version: | 2.0.0.0 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director express for big data | scope: | eq | version: | 2.1.0.0 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director express for big data | scope: | eq | version: | 2.1.0.2 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director express for big data | scope: | eq | version: | 3.0.0.0 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director express for big data | scope: | eq | version: | 3.0.1.3 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director express for big data | scope: | eq | version: | 3.5.0.0 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director express for big data | scope: | eq | version: | 3.5.0.3 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director express for big data | scope: | eq | version: | 3.6.0.0 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director express for big data | scope: | eq | version: | 3.6.1.0 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director express for big data | scope: | eq | version: | 3.7.0.0 | Trust: 0.1 |
| vendor: | cisco | model: | ucs director express for big data | scope: | eq | version: | 3.7.2.0 | Trust: 0.1 |
sources:
VULMON: CVE-2020-3329 //
JVNDB: JVNDB-2020-004967 //
NVD: CVE-2020-3329
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
VULHUB: VHN-181454 //
VULMON: CVE-2020-3329 //
JVNDB: JVNDB-2020-004967 //
CNNVD: CNNVD-202005-220 //
NVD: CVE-2020-3329 //
NVD: CVE-2020-3329
PROBLEMTYPE DATA
| problemtype: | CWE-284 | Trust: 1.0 |
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
| problemtype: | CWE-269 | Trust: 0.9 |
sources:
VULHUB: VHN-181454 //
JVNDB: JVNDB-2020-004967 //
NVD: CVE-2020-3329
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202005-220
TYPE
other
Trust: 0.6
sources:
CNNVD: CNNVD-202005-220
CONFIGURATIONS
sources:
JVNDB: JVNDB-2020-004967
PATCH
| title: | cisco-sa-ucsd-Ar6BAguz | url: | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-Ar6BAguz | Trust: 0.8 |
| title: | Cisco Integrated Management Controller Supervisor , Cisco UCS Director and Cisco UCS Director Express for Big Data Fixes for access control error vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117821 | Trust: 0.6 |
| title: | Cisco: Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Role-Based Access Control Vulnerability | url: | https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ucsd-Ar6BAguz | Trust: 0.1 |
sources:
VULMON: CVE-2020-3329 //
JVNDB: JVNDB-2020-004967 //
CNNVD: CNNVD-202005-220
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-3329 | Trust: 2.6 |
| db: | JVNDB | id: | JVNDB-2020-004967 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202005-220 | Trust: 0.7 |
| db: | AUSCERT | id: | ESB-2020.1618 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2020-31113 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-181454 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2020-3329 | Trust: 0.1 |
sources:
VULHUB: VHN-181454 //
VULMON: CVE-2020-3329 //
JVNDB: JVNDB-2020-004967 //
CNNVD: CNNVD-202005-220 //
NVD: CVE-2020-3329
REFERENCES
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ucsd-ar6baguz | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-3329 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3329 | Trust: 0.8 |
| url: | https://vigilance.fr/vulnerability/cisco-unified-computing-system-director-privilege-escalation-32207 | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2020.1618/ | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/269.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/181519 | Trust: 0.1 |
sources:
VULHUB: VHN-181454 //
VULMON: CVE-2020-3329 //
JVNDB: JVNDB-2020-004967 //
CNNVD: CNNVD-202005-220 //
NVD: CVE-2020-3329
SOURCES
| db: | VULHUB | id: | VHN-181454 |
| db: | VULMON | id: | CVE-2020-3329 |
| db: | JVNDB | id: | JVNDB-2020-004967 |
| db: | CNNVD | id: | CNNVD-202005-220 |
| db: | NVD | id: | CVE-2020-3329 |
LAST UPDATE DATE
2024-11-23T22:37:23.153000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-181454 | date: | 2021-10-26T00:00:00 |
| db: | VULMON | id: | CVE-2020-3329 | date: | 2020-05-07T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-004967 | date: | 2020-06-03T00:00:00 |
| db: | CNNVD | id: | CNNVD-202005-220 | date: | 2021-10-27T00:00:00 |
| db: | NVD | id: | CVE-2020-3329 | date: | 2024-11-21T05:30:48.813 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-181454 | date: | 2020-05-06T00:00:00 |
| db: | VULMON | id: | CVE-2020-3329 | date: | 2020-05-06T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-004967 | date: | 2020-06-03T00:00:00 |
| db: | CNNVD | id: | CNNVD-202005-220 | date: | 2020-05-06T00:00:00 |
| db: | NVD | id: | CVE-2020-3329 | date: | 2020-05-06T17:15:13.963 |