What is CVE-2020-3240?

CVE-2020-3240 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Cisco UCS Director.

What is the severity of CVE-2020-3240?

CVE-2020-3240 has a severity rating of 9.8 (critical).

How does CVE-2020-3240 affect Cisco UCS Director?

CVE-2020-3240 affects Cisco UCS Director installations by allowing remote attackers to execute arbitrary code.

Is authentication required to exploit CVE-2020-3240?

No, authentication is not required to exploit CVE-2020-3240.

How can I fix CVE-2020-3240?

To fix CVE-2020-3240, it is recommended to apply the necessary patches provided by Cisco.

Vulnerability/
CVE-2020-3240

critical

9.8

CWE

15/4/2020

4/8/2024

15/11/2024

CVE-2020-3240: Cisco UCS Director ScriptModuleAddJarPage Directory Traversal Remote Code Execution Vulnerability

First published: Wed Apr 15 2020(Updated: )

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco UCS Director	=6.0.0.0
Cisco UCS Director	=6.0.0.1
Cisco UCS Director	=6.0.1.0
Cisco UCS Director	=6.0.1.1
Cisco UCS Director	=6.0.1.2
Cisco UCS Director	=6.0.1.3
Cisco UCS Director	=6.5.0.0
Cisco UCS Director	=6.5.0.1
Cisco UCS Director	=6.5.0.2
Cisco UCS Director	=6.5.0.3
Cisco UCS Director	=6.5.0.4
Cisco UCS Director	=6.6.0.0
Cisco UCS Director	=6.6.1.0
Cisco UCS Director	=6.6.2.0
Cisco UCS Director	=6.7.0.0
Cisco UCS Director	=6.7.1.0
Cisco UCS Director	=6.7.2.0
Cisco UCS Director	=6.7.3.0
Cisco UCS Director Express for Big Data	<=3.7.3.0
Cisco UCS Director

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-3240?
CVE-2020-3240 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Cisco UCS Director.
What is the severity of CVE-2020-3240?
CVE-2020-3240 has a severity rating of 9.8 (critical).
How does CVE-2020-3240 affect Cisco UCS Director?
CVE-2020-3240 affects Cisco UCS Director installations by allowing remote attackers to execute arbitrary code.
Is authentication required to exploit CVE-2020-3240?
No, authentication is not required to exploit CVE-2020-3240.
How can I fix CVE-2020-3240?
To fix CVE-2020-3240, it is recommended to apply the necessary patches provided by Cisco.

collector/nvd-index
agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/title
agent/weakness
agent/author
agent/severity
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/first-publish-date
agent/event
collector/zdi-advisory
source/ZDI
alias/ZDI-20-542
alias/ZDI-CAN-9565
alias/CVE-2020-3240
agent/software-canonical-lookup
agent/description
vendor/cisco
canonical/cisco ucs director
version/cisco ucs director/6.0.0.0
version/cisco ucs director/6.0.0.1
version/cisco ucs director/6.0.1.0
version/cisco ucs director/6.0.1.1
version/cisco ucs director/6.0.1.2
version/cisco ucs director/6.0.1.3
version/cisco ucs director/6.5.0.0
version/cisco ucs director/6.5.0.1
version/cisco ucs director/6.5.0.2
version/cisco ucs director/6.5.0.3
version/cisco ucs director/6.5.0.4
version/cisco ucs director/6.6.0.0
version/cisco ucs director/6.6.1.0
version/cisco ucs director/6.6.2.0
version/cisco ucs director/6.7.0.0
version/cisco ucs director/6.7.1.0
version/cisco ucs director/6.7.2.0
version/cisco ucs director/6.7.3.0
canonical/cisco ucs director express for big data
version/cisco ucs director express for big data/3.7.3.0