What is CVE-2020-3239?

CVE-2020-3239 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Cisco UCS Director.

How severe is CVE-2020-3239?

CVE-2020-3239 has a severity rating of 9.8, which is classified as critical.

Is authentication required to exploit CVE-2020-3239?

No, authentication is not required to exploit CVE-2020-3239.

What is the affected software for CVE-2020-3239?

The affected software for CVE-2020-3239 is Cisco UCS Director versions 6.0.0.0 to 6.7.3.0 and Cisco UCS Director Express for Big Data versions up to 3.7.3.0.

How can I fix CVE-2020-3239?

To fix CVE-2020-3239, it is recommended to update to the latest version of Cisco UCS Director or apply the necessary patches provided by Cisco.

Vulnerability/
CVE-2020-3239

critical

9.8

CWE

22 20

15/4/2020

4/8/2024

15/11/2024

CVE-2020-3239: Cisco UCS Director ApplianceStorageUtil unzip Directory Traversal Remote Code Execution Vulnerability

First published: Wed Apr 15 2020(Updated: )

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco UCS Director	=6.0.0.0
Cisco UCS Director	=6.0.0.1
Cisco UCS Director	=6.0.1.0
Cisco UCS Director	=6.0.1.1
Cisco UCS Director	=6.0.1.2
Cisco UCS Director	=6.0.1.3
Cisco UCS Director	=6.5.0.0
Cisco UCS Director	=6.5.0.1
Cisco UCS Director	=6.5.0.2
Cisco UCS Director	=6.5.0.3
Cisco UCS Director	=6.5.0.4
Cisco UCS Director	=6.6.0.0
Cisco UCS Director	=6.6.1.0
Cisco UCS Director	=6.6.2.0
Cisco UCS Director	=6.7.0.0
Cisco UCS Director	=6.7.1.0
Cisco UCS Director	=6.7.2.0
Cisco UCS Director	=6.7.3.0
Cisco UCS Director Express for Big Data	<=3.7.3.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-3239?
CVE-2020-3239 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Cisco UCS Director.
How severe is CVE-2020-3239?
CVE-2020-3239 has a severity rating of 9.8, which is classified as critical.
Is authentication required to exploit CVE-2020-3239?
No, authentication is not required to exploit CVE-2020-3239.
What is the affected software for CVE-2020-3239?
The affected software for CVE-2020-3239 is Cisco UCS Director versions 6.0.0.0 to 6.7.3.0 and Cisco UCS Director Express for Big Data versions up to 3.7.3.0.
How can I fix CVE-2020-3239?
To fix CVE-2020-3239, it is recommended to update to the latest version of Cisco UCS Director or apply the necessary patches provided by Cisco.

collector/nvd-index
agent/weakness
agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/title
agent/author
agent/severity
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/first-publish-date
agent/event
agent/description
collector/zdi-advisory
source/ZDI
alias/ZDI-20-539
alias/ZDI-CAN-9586
alias/CVE-2020-3239
agent/software-canonical-lookup
vendor/cisco
canonical/cisco ucs director
version/cisco ucs director/6.0.0.0
version/cisco ucs director/6.0.0.1
version/cisco ucs director/6.0.1.0
version/cisco ucs director/6.0.1.1
version/cisco ucs director/6.0.1.2
version/cisco ucs director/6.0.1.3
version/cisco ucs director/6.5.0.0
version/cisco ucs director/6.5.0.1
version/cisco ucs director/6.5.0.2
version/cisco ucs director/6.5.0.3
version/cisco ucs director/6.5.0.4
version/cisco ucs director/6.6.0.0
version/cisco ucs director/6.6.1.0
version/cisco ucs director/6.6.2.0
version/cisco ucs director/6.7.0.0
version/cisco ucs director/6.7.1.0
version/cisco ucs director/6.7.2.0
version/cisco ucs director/6.7.3.0
canonical/cisco ucs director express for big data
version/cisco ucs director express for big data/3.7.3.0