#VU29145 Information disclosure in Cisco UCS Director - CVE-2020-3242

 


Published: June 18, 2020


Vulnerability identifier: #VU29145
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-3242
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Cisco UCS Director
Software vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists because confidential information is returned as part of an API response. A remote administrator can send a specially crafted request and obtain the API key of another user, allowing them to impersonate that user's account on the affected device.


Remediation

Install updates from the vendor's website.
