← back
CVE-2020-3243

Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data

CVSS 9.8 CRITICALEPSS 88.4%CWE-20
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Cisco · Cisco UCS Director
public PoCs found1
cve_referencepacketstormsecurity.com/files/157955/Cisco-UCS-Director-Cloupia-Script-Remote-Code-Execution.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/157955/Cisco-UCS-Director-Cloupia-Script-Remote-Code-Execution.htmlhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4Ehttps://www.zerodayinitiative.com/advisories/ZDI-20-540/