ID:3032 - Exploit for Improper Authentication in Cisco UCS Director and Cisco UCS Director Express for Big Data - CVE-2020-3250

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:3032 - Exploit for Improper Authentication in Cisco UCS Director and Cisco UCS Director Express for Big Data - CVE-2020-3250

ID:3032 - Exploit for Improper Authentication in Cisco UCS Director and Cisco UCS Director Express for Big Data - CVE-2020-3250

Published: June 19, 2020


Vulnerability identifier: #VU26989
Vulnerability risk: High
CVE-ID: CVE-2020-3250
CWE-ID: CWE-287
Exploitation vector: Remote access
Vulnerable software:
Cisco UCS Director
Cisco UCS Director Express for Big Data

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to insufficient access control validation in the REST API. A remote attacker can send a specially crafted request, bypass authentication process, interact with the REST API and cause a denial of service (DoS) condition on the target system.


Remediation

Install update from vendor's website.