What is CVE-2020-3248?

CVE-2020-3248 is a vulnerability in Cisco UCS Director that allows remote attackers to execute arbitrary code on affected installations.

Is authentication required to exploit CVE-2020-3248?

No, authentication is not required to exploit CVE-2020-3248.

How severe is CVE-2020-3248?

CVE-2020-3248 has a severity rating of 9.8 (Critical).

What is the affected software?

The affected software includes Cisco UCS Director versions 6.0.0.0 to 6.7.3.0 and Cisco UCS Director Express for Big Data version 3.7.3.0.

How can I fix CVE-2020-3248?

It is recommended to apply the necessary updates provided by Cisco to fix CVE-2020-3248.

Vulnerability/
CVE-2020-3248

critical

CWE

22 20

15/4/2020

4/8/2024

15/11/2024

CVE-2020-3248: Cisco UCS Director saveStaticConfig Directory Traversal Remote Code Execution Vulnerability

First published: Wed Apr 15 2020(Updated: )

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco UCS Director	=6.0.0.0
Cisco UCS Director	=6.0.0.1
Cisco UCS Director	=6.0.1.0
Cisco UCS Director	=6.0.1.1
Cisco UCS Director	=6.0.1.2
Cisco UCS Director	=6.0.1.3
Cisco UCS Director	=6.5.0.0
Cisco UCS Director	=6.5.0.1
Cisco UCS Director	=6.5.0.2
Cisco UCS Director	=6.5.0.3
Cisco UCS Director	=6.5.0.4
Cisco UCS Director	=6.6.0.0
Cisco UCS Director	=6.6.1.0
Cisco UCS Director	=6.6.2.0
Cisco UCS Director	=6.7.0.0
Cisco UCS Director	=6.7.1.0
Cisco UCS Director	=6.7.2.0
Cisco UCS Director	=6.7.3.0
Cisco UCS Director Express for Big Data	<=3.7.3.0
Cisco UCS Director

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-3248?
CVE-2020-3248 is a vulnerability in Cisco UCS Director that allows remote attackers to execute arbitrary code on affected installations.
Is authentication required to exploit CVE-2020-3248?
No, authentication is not required to exploit CVE-2020-3248.
How severe is CVE-2020-3248?
CVE-2020-3248 has a severity rating of 9.8 (Critical).
What is the affected software?
The affected software includes Cisco UCS Director versions 6.0.0.0 to 6.7.3.0 and Cisco UCS Director Express for Big Data version 3.7.3.0.
How can I fix CVE-2020-3248?
It is recommended to apply the necessary updates provided by Cisco to fix CVE-2020-3248.

collector/nvd-index
agent/weakness
agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/title
agent/author
agent/severity
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/first-publish-date
agent/event
collector/zdi-advisory
source/ZDI
alias/ZDI-20-543
alias/ZDI-CAN-9596
alias/CVE-2020-3248
agent/software-canonical-lookup
agent/description
vendor/cisco
canonical/cisco ucs director
version/cisco ucs director/6.0.0.0
version/cisco ucs director/6.0.0.1
version/cisco ucs director/6.0.1.0
version/cisco ucs director/6.0.1.1
version/cisco ucs director/6.0.1.2
version/cisco ucs director/6.0.1.3
version/cisco ucs director/6.5.0.0
version/cisco ucs director/6.5.0.1
version/cisco ucs director/6.5.0.2
version/cisco ucs director/6.5.0.3
version/cisco ucs director/6.5.0.4
version/cisco ucs director/6.6.0.0
version/cisco ucs director/6.6.1.0
version/cisco ucs director/6.6.2.0
version/cisco ucs director/6.7.0.0
version/cisco ucs director/6.7.1.0
version/cisco ucs director/6.7.2.0
version/cisco ucs director/6.7.3.0
canonical/cisco ucs director express for big data
version/cisco ucs director express for big data/3.7.3.0