What is CVE-2020-3250?

CVE-2020-3250 is a vulnerability that allows remote attackers to disclose sensitive information on affected installations of Cisco UCS Director.

How severe is CVE-2020-3250?

CVE-2020-3250 has a severity rating of 9.8, which is considered critical.

What is the affected software?

The affected software for CVE-2020-3250 includes Cisco UCS Director versions 6.0.0.0 to 6.7.3.0 and Cisco UCS Director Express for Big Data version 3.7.3.0.

Is authentication required to exploit CVE-2020-3250?

No, authentication is not required to exploit CVE-2020-3250.

How can I fix CVE-2020-3250?

To fix CVE-2020-3250, it is recommended to apply the necessary security patches provided by Cisco.

Vulnerability/
CVE-2020-3250

critical

9.8

CWE

269 20

15/4/2020

4/8/2024

15/11/2024

CVE-2020-3250: Cisco UCS Director downloadFile Directory Traversal Information Disclosure Vulnerability

First published: Wed Apr 15 2020(Updated: )

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco UCS Director	=6.0.0.0
Cisco UCS Director	=6.0.0.1
Cisco UCS Director	=6.0.1.0
Cisco UCS Director	=6.0.1.1
Cisco UCS Director	=6.0.1.2
Cisco UCS Director	=6.0.1.3
Cisco UCS Director	=6.5.0.0
Cisco UCS Director	=6.5.0.1
Cisco UCS Director	=6.5.0.2
Cisco UCS Director	=6.5.0.3
Cisco UCS Director	=6.5.0.4
Cisco UCS Director	=6.6.0.0
Cisco UCS Director	=6.6.1.0
Cisco UCS Director	=6.6.2.0
Cisco UCS Director	=6.7.0.0
Cisco UCS Director	=6.7.1.0
Cisco UCS Director	=6.7.2.0
Cisco UCS Director	=6.7.3.0
Cisco UCS Director Express for Big Data	<=3.7.3.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-3250?
CVE-2020-3250 is a vulnerability that allows remote attackers to disclose sensitive information on affected installations of Cisco UCS Director.
How severe is CVE-2020-3250?
CVE-2020-3250 has a severity rating of 9.8, which is considered critical.
What is the affected software?
The affected software for CVE-2020-3250 includes Cisco UCS Director versions 6.0.0.0 to 6.7.3.0 and Cisco UCS Director Express for Big Data version 3.7.3.0.
Is authentication required to exploit CVE-2020-3250?
No, authentication is not required to exploit CVE-2020-3250.
How can I fix CVE-2020-3250?
To fix CVE-2020-3250, it is recommended to apply the necessary security patches provided by Cisco.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/title
agent/weakness
agent/author
agent/severity
agent/references
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/first-publish-date
agent/event
agent/description
collector/zdi-advisory
source/ZDI
alias/ZDI-20-538
alias/ZDI-CAN-9557
alias/CVE-2020-3250
agent/software-canonical-lookup
vendor/cisco
canonical/cisco ucs director
version/cisco ucs director/6.0.0.0
version/cisco ucs director/6.0.0.1
version/cisco ucs director/6.0.1.0
version/cisco ucs director/6.0.1.1
version/cisco ucs director/6.0.1.2
version/cisco ucs director/6.0.1.3
version/cisco ucs director/6.5.0.0
version/cisco ucs director/6.5.0.1
version/cisco ucs director/6.5.0.2
version/cisco ucs director/6.5.0.3
version/cisco ucs director/6.5.0.4
version/cisco ucs director/6.6.0.0
version/cisco ucs director/6.6.1.0
version/cisco ucs director/6.6.2.0
version/cisco ucs director/6.7.0.0
version/cisco ucs director/6.7.1.0
version/cisco ucs director/6.7.2.0
version/cisco ucs director/6.7.3.0
canonical/cisco ucs director express for big data
version/cisco ucs director express for big data/3.7.3.0