ID

VAR-202006-1107


CVE

CVE-2020-3242


TITLE

Information leakage vulnerability in Cisco UCS Director

Trust: 0.8

sources: JVNDB: JVNDB-2020-006872

DESCRIPTION

A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. The vulnerability exists because confidential information is returned as part of an API response. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to obtain the API key of another user, which would allow the attacker to impersonate the account of that user on the affected device. To exploit this vulnerability, the attacker must have administrative privileges on the device. Cisco UCS Director contains an information leakage vulnerability. Information may be obtained. Cisco UCS Director is a heterogeneous platform for private cloud infrastructure as a service (IaaS) from Cisco.

Trust: 1.71

sources: NVD: CVE-2020-3242 // JVNDB: JVNDB-2020-006872 // VULHUB: VHN-181367

AFFECTED PRODUCTS

vendor: cisco // model: ucs director // scope: lt // version: 6.7.4.0

Trust: 1.0

vendor: cisco // model: ucs director // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006872 // NVD: CVE-2020-3242

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3242
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3242
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006872
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-1172
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181367
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3242
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006872
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181367
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3242
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3242
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-006872
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181367 // JVNDB: JVNDB-2020-006872 // CNNVD: CNNVD-202006-1172 // NVD: CVE-2020-3242 // NVD: CVE-2020-3242

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-181367 // JVNDB: JVNDB-2020-006872 // NVD: CVE-2020-3242

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1172

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202006-1172

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006872

PATCH

title: cisco-sa-ucsd-info-disclosure-gSMU8EKT // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-info-disclosure-gSMU8EKT

Trust: 0.8

title: Cisco UCS Director Repair measures for information disclosure vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121865

Trust: 0.6

sources: JVNDB: JVNDB-2020-006872 // CNNVD: CNNVD-202006-1172

EXTERNAL IDS

db: NVD // id: CVE-2020-3242

Trust: 2.5

db: JVNDB // id: JVNDB-2020-006872

Trust: 0.8

db: CNNVD // id: CNNVD-202006-1172

Trust: 0.7

db: NSFOCUS // id: 47209

Trust: 0.6

db: AUSCERT // id: ESB-2020.2122

Trust: 0.6

db: CNVD // id: CNVD-2020-34288

Trust: 0.1

db: VULHUB // id: VHN-181367

Trust: 0.1

sources: VULHUB: VHN-181367 // JVNDB: JVNDB-2020-006872 // CNNVD: CNNVD-202006-1172 // NVD: CVE-2020-3242

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ucsd-info-disclosure-gsmu8ekt

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-3242

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3242

Trust: 0.8

url:http://www.nsfocus.net/vulndb/47209

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ucs-director-information-disclosure-32558

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2122/

Trust: 0.6

sources: VULHUB: VHN-181367 // JVNDB: JVNDB-2020-006872 // CNNVD: CNNVD-202006-1172 // NVD: CVE-2020-3242

SOURCES

db: VULHUB // id: VHN-181367
db: JVNDB // id: JVNDB-2020-006872
db: CNNVD // id: CNNVD-202006-1172
db: NVD // id: CVE-2020-3242

LAST UPDATE DATE

2024-11-23T22:21:10.056000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-181367 // date: 2021-09-17T00:00:00
db: JVNDB // id: JVNDB-2020-006872 // date: 2020-07-22T00:00:00
db: CNNVD // id: CNNVD-202006-1172 // date: 2020-07-23T00:00:00
db: NVD // id: CVE-2020-3242 // date: 2024-11-21T05:30:38.477

SOURCES RELEASE DATE

db: VULHUB // id: VHN-181367 // date: 2020-06-18T00:00:00
db: JVNDB // id: JVNDB-2020-006872 // date: 2020-07-22T00:00:00
db: CNNVD // id: CNNVD-202006-1172 // date: 2020-06-17T00:00:00
db: NVD // id: CVE-2020-3242 // date: 2020-06-18T03:15:11.277