What is CVE-2020-3249?

CVE-2020-3249 is a vulnerability in Cisco UCS Director that allows remote attackers to overwrite arbitrary files.

Is authentication required to exploit CVE-2020-3249?

No, authentication is not required to exploit CVE-2020-3249.

How severe is CVE-2020-3249?

CVE-2020-3249 has a severity rating of 8.2 (critical).

How can I fix CVE-2020-3249?

To fix CVE-2020-3249, it is recommended to upgrade to a version of Cisco UCS Director that has addressed the vulnerability.

Where can I find more information about CVE-2020-3249?

You can find more information about CVE-2020-3249 in the Cisco Security Advisory and the Zero Day Initiative advisory.

Vulnerability/
CVE-2020-3249

critical

9.8

CWE

22 20

15/4/2020

4/8/2024

15/11/2024

CVE-2020-3249: Cisco UCS Director saveWindowsNetworkConfig Directory Traversal Denial-of-Service Vulnerability

First published: Wed Apr 15 2020(Updated: )

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco UCS Director	=6.0.0.0
Cisco UCS Director	=6.0.0.1
Cisco UCS Director	=6.0.1.0
Cisco UCS Director	=6.0.1.1
Cisco UCS Director	=6.0.1.2
Cisco UCS Director	=6.0.1.3
Cisco UCS Director	=6.5.0.0
Cisco UCS Director	=6.5.0.1
Cisco UCS Director	=6.5.0.2
Cisco UCS Director	=6.5.0.3
Cisco UCS Director	=6.5.0.4
Cisco UCS Director	=6.6.0.0
Cisco UCS Director	=6.6.1.0
Cisco UCS Director	=6.6.2.0
Cisco UCS Director	=6.7.0.0
Cisco UCS Director	=6.7.1.0
Cisco UCS Director	=6.7.2.0
Cisco UCS Director	=6.7.3.0
Cisco UCS Director Express for Big Data	<=3.7.3.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-3249?
CVE-2020-3249 is a vulnerability in Cisco UCS Director that allows remote attackers to overwrite arbitrary files.
Is authentication required to exploit CVE-2020-3249?
No, authentication is not required to exploit CVE-2020-3249.
How severe is CVE-2020-3249?
CVE-2020-3249 has a severity rating of 8.2 (critical).
How can I fix CVE-2020-3249?
To fix CVE-2020-3249, it is recommended to upgrade to a version of Cisco UCS Director that has addressed the vulnerability.
Where can I find more information about CVE-2020-3249?
You can find more information about CVE-2020-3249 in the Cisco Security Advisory and the Zero Day Initiative advisory.

collector/nvd-index
agent/weakness
agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/title
agent/severity
agent/description
agent/first-publish-date
agent/softwarecombine
agent/tags
agent/event
collector/zdi-advisory
source/ZDI
alias/ZDI-20-544
alias/ZDI-CAN-9604
alias/CVE-2020-3249
agent/software-canonical-lookup
vendor/cisco
canonical/cisco ucs director
version/cisco ucs director/6.0.0.0
version/cisco ucs director/6.0.0.1
version/cisco ucs director/6.0.1.0
version/cisco ucs director/6.0.1.1
version/cisco ucs director/6.0.1.2
version/cisco ucs director/6.0.1.3
version/cisco ucs director/6.5.0.0
version/cisco ucs director/6.5.0.1
version/cisco ucs director/6.5.0.2
version/cisco ucs director/6.5.0.3
version/cisco ucs director/6.5.0.4
version/cisco ucs director/6.6.0.0
version/cisco ucs director/6.6.1.0
version/cisco ucs director/6.6.2.0
version/cisco ucs director/6.7.0.0
version/cisco ucs director/6.7.1.0
version/cisco ucs director/6.7.2.0
version/cisco ucs director/6.7.3.0
canonical/cisco ucs director express for big data
version/cisco ucs director express for big data/3.7.3.0