Main Vulnerability Database Exploits ID:4746 - Exploit for Path Traversal in Cisco UCS Director and Cisco UCS Director Express for Big Data - CVE-2020-3247

ID:4746 - Exploit for Path Traversal in Cisco UCS Director and Cisco UCS Director Express for Big Data - CVE-2020-3247

Published: October 27, 2020

Vulnerability identifier: #VU26986

Vulnerability risk: High

CVE-ID: CVE-2020-3247

CWE-ID: CWE-22

Exploitation vector: Remote access

Vulnerable software:
Cisco UCS Director
Cisco UCS Director Express for Big Data

Link to public exploit:

https://srcincite.io/pocs/cve-2020-32{43,47}.py.txt

Vulnerability description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the REST API . A remote authenticated attacker can send a specially crafted file and write or execute arbitrary files on the system.

Remediation

Install update from vendor's website.

ID:4746 - Exploit for Path Traversal in Cisco UCS Director and Cisco UCS Director Express for Big Data - CVE-2020-3247

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human