SB2020041613 - Multiple vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data


Published: April 16, 2020
Updated: June 18, 2020

Security Bulletin ID: SB2020041613
Severity: High
Patch available: YES
Number of vulnerabilities: 11
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 64%, Medium 18%, Low 18%

Description

This security bulletin contains information about 11 security vulnerabilities.


1) Path traversal (CVE-ID: CVE-2020-3239)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences in the REST API. A remote authenticated attacker can send a specially crafted zip file and write or execute arbitrary files on the system with full administrative privileges.


2) Input validation error (CVE-ID: CVE-2020-3240)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input in the REST API. A remote attacker can send a specially crafted file, open a remote shell and execute arbitrary code with root privileges.


3) Improper Authentication (CVE-ID: CVE-2020-3243)

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to insufficient access control validation in the REST API. A remote attacker can send a specially crafted request, bypass the authentication process and interact with the REST API with administrative privileges.


4) Path Traversal (CVE-ID: CVE-2020-3247)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences in the REST API. A remote authenticated attacker can send a specially crafted file and write or execute arbitrary files on the system.


5) Path Traversal (CVE-ID: CVE-2020-3248)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences in the REST API. A remote authenticated attacker can send a specially crafted request and execute arbitrary code with root privileges.


6) Path Traversal (CVE-ID: CVE-2020-3249)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences in the REST API. A remote authenticated attacker can send a specially crafted request and cause a denial of service (DoS) condition on the target system.


7) Improper Authentication (CVE-ID: CVE-2020-3250)

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to insufficient access control validation in the REST API. A remote attacker can send a specially crafted request, bypass the authentication process, interact with the REST API and cause a denial of service (DoS) condition on the target system.


8) Path Traversal (CVE-ID: CVE-2020-3251)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences in the REST API. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.


9) Path Traversal (CVE-ID: CVE-2020-3252)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences in the REST API. A remote authenticated attacker can send a specially crafted request and read arbitrary files on the target system.


10) Path traversal (CVE-ID: CVE-2020-3241)

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences in orchestration tasks within the web-based management interface. A remote administrator can create a task with specific configuration parameters and overwrite arbitrary files in the file system of an affected device.


11) Information disclosure (CVE-ID: CVE-2020-3242)

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists because confidential information is returned as part of an API response. A remote administrator can send a specially crafted request and obtain the API key of another user, allowing them to impersonate the account of that user on the affected device.


Remediation

Install the update from the vendor's website.