What is CVE-2020-3247?

CVE-2020-3247 is a remote code execution vulnerability in Cisco UCS Director.

What is the severity of CVE-2020-3247?

The severity of CVE-2020-3247 is critical, with a CVSS score of 9.8.

How can remote attackers exploit CVE-2020-3247?

Remote attackers can exploit CVE-2020-3247 without authentication by executing arbitrary code on affected installations of Cisco UCS Director.

Which versions of Cisco UCS Director are affected by CVE-2020-3247?

Versions 6.0.0.0 to 6.7.3.0 of Cisco UCS Director are affected by CVE-2020-3247.

How can I fix CVE-2020-3247?

To fix CVE-2020-3247, it is recommended to apply the necessary updates or patches provided by Cisco.

Vulnerability/
CVE-2020-3247

critical

CWE

22 20

15/4/2020

4/8/2024

15/11/2024

CVE-2020-3247: Cisco UCS Director CopyFileRunnable run Symlink Following Remote Code Execution Vulnerability

First published: Wed Apr 15 2020(Updated: )

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco UCS Director	=6.0.0.0
Cisco UCS Director	=6.0.0.1
Cisco UCS Director	=6.0.1.0
Cisco UCS Director	=6.0.1.1
Cisco UCS Director	=6.0.1.2
Cisco UCS Director	=6.0.1.3
Cisco UCS Director	=6.5.0.0
Cisco UCS Director	=6.5.0.1
Cisco UCS Director	=6.5.0.2
Cisco UCS Director	=6.5.0.3
Cisco UCS Director	=6.5.0.4
Cisco UCS Director	=6.6.0.0
Cisco UCS Director	=6.6.1.0
Cisco UCS Director	=6.6.2.0
Cisco UCS Director	=6.7.0.0
Cisco UCS Director	=6.7.1.0
Cisco UCS Director	=6.7.2.0
Cisco UCS Director	=6.7.3.0
Cisco UCS Director Express for Big Data	<=3.7.3.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-3247?
CVE-2020-3247 is a remote code execution vulnerability in Cisco UCS Director.
What is the severity of CVE-2020-3247?
The severity of CVE-2020-3247 is critical, with a CVSS score of 9.8.
How can remote attackers exploit CVE-2020-3247?
Remote attackers can exploit CVE-2020-3247 without authentication by executing arbitrary code on affected installations of Cisco UCS Director.
Which versions of Cisco UCS Director are affected by CVE-2020-3247?
Versions 6.0.0.0 to 6.7.3.0 of Cisco UCS Director are affected by CVE-2020-3247.
How can I fix CVE-2020-3247?
To fix CVE-2020-3247, it is recommended to apply the necessary updates or patches provided by Cisco.

collector/nvd-index
agent/weakness
agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/title
agent/author
agent/severity
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/first-publish-date
agent/event
agent/description
collector/zdi-advisory
source/ZDI
alias/ZDI-20-541
alias/ZDI-CAN-9593
alias/CVE-2020-3247
agent/software-canonical-lookup
vendor/cisco
canonical/cisco ucs director
version/cisco ucs director/6.0.0.0
version/cisco ucs director/6.0.0.1
version/cisco ucs director/6.0.1.0
version/cisco ucs director/6.0.1.1
version/cisco ucs director/6.0.1.2
version/cisco ucs director/6.0.1.3
version/cisco ucs director/6.5.0.0
version/cisco ucs director/6.5.0.1
version/cisco ucs director/6.5.0.2
version/cisco ucs director/6.5.0.3
version/cisco ucs director/6.5.0.4
version/cisco ucs director/6.6.0.0
version/cisco ucs director/6.6.1.0
version/cisco ucs director/6.6.2.0
version/cisco ucs director/6.7.0.0
version/cisco ucs director/6.7.1.0
version/cisco ucs director/6.7.2.0
version/cisco ucs director/6.7.3.0
canonical/cisco ucs director express for big data
version/cisco ucs director express for big data/3.7.3.0