Multiple vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data



Published: 2020-04-16 | Updated: 2020-06-18
Risk High
Patch available YES
Number of vulnerabilities 11
CVE-ID CVE-2020-3239
CVE-2020-3240
CVE-2020-3243
CVE-2020-3247
CVE-2020-3248
CVE-2020-3249
CVE-2020-3250
CVE-2020-3251
CVE-2020-3252
CVE-2020-3241
CVE-2020-3242
CWE-ID CWE-22
CWE-20
CWE-287
CWE-200
Exploitation vector Network
Public exploit Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #4 is available.
Public exploit code for vulnerability #7 is available.
Vulnerable software
Subscribe
Cisco UCS Director
Server applications / Other server solutions

Cisco UCS Director Express for Big Data
Server applications / Other server solutions

Vendor Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

Updated 18.06.2020
Added vulnerabilities #10-11

1) Path traversal

EUVDB-ID: #VU26983

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3239

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the REST API . A remote authenticated attacker can send a specially crafted zip file and write or execute arbitrary files on the system with full administrative privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco UCS Director: 6.0.0.0 - 6.7.3.0

Cisco UCS Director Express for Big Data: 3.7.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU26984

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3240

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input in the REST API. A remote attacker can send a specially crafted file, open a remote shell and execute arbitrary code with root privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco UCS Director: 6.0.0.0 - 6.7.3.0

Cisco UCS Director Express for Big Data: 3.7.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Authentication

EUVDB-ID: #VU26985

Risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2020-3243

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to insufficient access control validation in the REST API. A remote attacker can send a specially crafted request, bypass authentication process and interact with the REST API with administrative privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco UCS Director: 6.0.0.0 - 6.7.3.0

Cisco UCS Director Express for Big Data: 3.7.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

4) Path Traversal

EUVDB-ID: #VU26986

Risk: High

CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-3247

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the REST API . A remote authenticated attacker can send a specially crafted file and write or execute arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco UCS Director: 6.0.0.0 - 6.7.3.0

Cisco UCS Director Express for Big Data: 3.7.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Path Traversal

EUVDB-ID: #VU26987

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3248

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the REST API . A remote authenticated attacker can send a specially crafted request and execute arbitrary code with root privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco UCS Director: 6.0.0.0 - 6.7.3.0

Cisco UCS Director Express for Big Data: 3.7.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Path Traversal

EUVDB-ID: #VU26988

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3249

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the REST API. A remote authenticated attacker can send a specially crafted request and cause a denial of service (DoS) condition on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco UCS Director: 6.0.0.0 - 6.7.3.0

Cisco UCS Director Express for Big Data: 3.7.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper Authentication

EUVDB-ID: #VU26989

Risk: High

CVSSv3.1: 8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2020-3250

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to insufficient access control validation in the REST API. A remote attacker can send a specially crafted request, bypass authentication process, interact with the REST API and cause a denial of service (DoS) condition on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco UCS Director: 6.0.0.0 - 6.7.3.0

Cisco UCS Director Express for Big Data: 3.7.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

8) Path Traversal

EUVDB-ID: #VU26990

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3251

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the REST API. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco UCS Director: 6.0.0.0 - 6.7.3.0

Cisco UCS Director Express for Big Data: 3.7.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Path Traversal

EUVDB-ID: #VU26991

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3252

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the REST API. A remote authenticated attacker can send a specially crafted request and read arbitrary files on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco UCS Director: 6.0.0.0 - 6.7.3.0

Cisco UCS Director Express for Big Data: 3.7.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Path traversal

EUVDB-ID: #VU29144

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3241

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the web-based management interface in the orchestration tasks. A remote administrator can create a task with specific configuration parameters and overwrite arbitrary files in the file system of an affected device.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco UCS Director: 5.4.0.0 - 6.7.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-task-path-trav-d67ZuAk7


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Information disclosure

EUVDB-ID: #VU29145

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3242

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to confidential information is returned as part of an API response. A remote administrator can send a specially crafted request and obtain the API key of another user, allowing him to impersonate the account of that user on the affected device

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco UCS Director: 5.4.0.0 - 6.7.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-info-disclosure-gSMU8EKT


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###