fkie_nvd - fkie_cve-2020-3249

fkie_cve-2020-3249

Vulnerability from fkie_nvd

Published

2020-04-15 21:15

Modified

2024-11-21 05:30

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

References

URL	Tags
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E	Vendor Advisory
psirt@cisco.com	https://www.zerodayinitiative.com/advisories/ZDI-20-544/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-20-544/	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
cisco	ucs_director	6.0.0.0
cisco	ucs_director	6.0.0.1
cisco	ucs_director	6.0.1.0
cisco	ucs_director	6.0.1.1
cisco	ucs_director	6.0.1.2
cisco	ucs_director	6.0.1.3
cisco	ucs_director	6.5.0.0
cisco	ucs_director	6.5.0.1
cisco	ucs_director	6.5.0.2
cisco	ucs_director	6.5.0.3
cisco	ucs_director	6.5.0.4
cisco	ucs_director	6.6.0.0
cisco	ucs_director	6.6.1.0
cisco	ucs_director	6.6.2.0
cisco	ucs_director	6.7.0.0
cisco	ucs_director	6.7.1.0
cisco	ucs_director	6.7.2.0
cisco	ucs_director	6.7.3.0
cisco	ucs_director_express_for_big_data	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director:6.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5F6460C-AD67-4B0A-A900-798E7A2A92C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director:6.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "30AB6069-3180-4D00-9261-F86D4EB302A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director:6.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E96C895-C82E-4436-B1F3-519BC7B5B1F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director:6.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A554A288-54F3-4858-AE67-5562963128C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director:6.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC3EFC64-7DB5-4811-A7D4-D86DABFD3C8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director:6.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "43431A81-FA16-400F-91EC-7502F834EDD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director:6.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DB174AA-261E-4252-AF4E-463EB72309D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director:6.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AD53EF5-5CCE-4080-A96B-52DEFB498230",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director:6.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0EB6B23-4681-4C7C-816A-971D9D77D4A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director:6.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C8C068-3B64-4619-8B72-4C619BE5990E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director:6.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4775D03D-021E-4D73-8194-5B0E3BCEC14A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director:6.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F95E9D60-7976-4CFB-B36B-0BC6675FA383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director:6.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E99B2DD-0E27-42FE-AE41-BE9FE8E78D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director:6.6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7601151-DA20-4CE3-9B9B-BB60AB5FB5A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director:6.7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "53FB8D53-BF77-443F-947A-79A6268CCC5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director:6.7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D16313A1-5D0B-4C91-B476-A9352A11AEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director:6.7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F5782B5-C997-4438-82E4-4D2463CD1E15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director:6.7.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC013D67-262C-4D5C-BF51-4CB3A5D293FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director_express_for_big_data:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "44C97153-7B77-44DA-898D-FF377A7F2E18",
              "versionEndIncluding": "3.7.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades en la API REST de Cisco UCS Director y Cisco UCS Director Express para Big Data, pueden permitir a un atacante remoto omitir la autenticaci\u00f3n o conducir ataques de salto de directorio sobre un dispositivo afectado. Para mayor informaci\u00f3n acerca de estas vulnerabilidades, consulte la secci\u00f3n Detalles de este aviso."
    }
  ],
  "id": "CVE-2020-3249",
  "lastModified": "2024-11-21T05:30:39.300",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-15T21:15:35.717",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-544/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-544/"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2020-3249

Vulnerability from cvelistv5

Published

2020-04-15 20:10

Modified

2024-11-15 17:30

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E	vendor-advisory, x_refsource_CISCO
	https://www.zerodayinitiative.com/advisories/ZDI-20-544/	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Cisco	Cisco UCS Director	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:30:57.398Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200415 Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-544/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3249",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:19:54.493114Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:30:00.542Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco UCS Director",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-04-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-16T18:06:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200415 Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-544/"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ucsd-mult-vulns-UNfpdW4E",
        "defect": [
          [
            "CSCvs53493",
            "CSCvs53496",
            "CSCvs53500",
            "CSCvs53502",
            "CSCvs56399",
            "CSCvs56400",
            "CSCvs56401",
            "CSCvs69022",
            "CSCvs69171",
            "CSCvt39489",
            "CSCvt39526",
            "CSCvt39535",
            "CSCvt39555",
            "CSCvt39561",
            "CSCvt39565",
            "CSCvt39575",
            "CSCvt39580"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-04-15T16:00:00-0700",
          "ID": "CVE-2020-3249",
          "STATE": "PUBLIC",
          "TITLE": "Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco UCS Director",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "9.8",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200415 Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-544/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-544/"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ucsd-mult-vulns-UNfpdW4E",
          "defect": [
            [
              "CSCvs53493",
              "CSCvs53496",
              "CSCvs53500",
              "CSCvs53502",
              "CSCvs56399",
              "CSCvs56400",
              "CSCvs56401",
              "CSCvs69022",
              "CSCvs69171",
              "CSCvt39489",
              "CSCvt39526",
              "CSCvt39535",
              "CSCvt39555",
              "CSCvt39561",
              "CSCvt39565",
              "CSCvt39575",
              "CSCvt39580"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3249",
    "datePublished": "2020-04-15T20:10:52.560832Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-15T17:30:00.542Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted