What is the severity of CVE-2020-3251?

The severity of CVE-2020-3251 is critical with a CVSS score of 8.8.

How can a remote attacker exploit CVE-2020-3251?

A remote attacker can exploit CVE-2020-3251 by bypassing authentication or conducting directory traversal attacks.

Where can I find more information about CVE-2020-3251?

You can find more information about CVE-2020-3251 in the Cisco Security Advisory at the following URL: [https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E].

Vulnerability/
CVE-2020-3251

critical

9.8

CWE

22 20

15/4/2020

15/11/2024

CVE-2020-3251: Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data

Q: What are the affected versions of Cisco UCS Director and Cisco UCS Director Express for Big Data for CVE-2020-3251?

The affected versions of Cisco UCS Director are 6.0.0.0, 6.0.0.1, 6.0.1.0, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.5.0.0, 6.5.0.1, 6.5.0.2, 6.5.0.3, 6.5.0.4, 6.6.0.0, 6.6.1.0, 6.6.2.0, 6.7.0.0, 6.7.1.0, 6.7.2.0, and 6.7.3.0. The affected version of Cisco UCS Director Express for Big Data is up to and inclusive of 3.7.3.0.

Q: What are the vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data for CVE-2020-3251?

The vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data for CVE-2020-3251 allow a remote attacker to bypass authentication or conduct directory traversal attacks.

First published: Wed Apr 15 2020(Updated: )

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco UCS Director	=6.0.0.0
Cisco UCS Director	=6.0.0.1
Cisco UCS Director	=6.0.1.0
Cisco UCS Director	=6.0.1.1
Cisco UCS Director	=6.0.1.2
Cisco UCS Director	=6.0.1.3
Cisco UCS Director	=6.5.0.0
Cisco UCS Director	=6.5.0.1
Cisco UCS Director	=6.5.0.2
Cisco UCS Director	=6.5.0.3
Cisco UCS Director	=6.5.0.4
Cisco UCS Director	=6.6.0.0
Cisco UCS Director	=6.6.1.0
Cisco UCS Director	=6.6.2.0
Cisco UCS Director	=6.7.0.0
Cisco UCS Director	=6.7.1.0
Cisco UCS Director	=6.7.2.0
Cisco UCS Director	=6.7.3.0
Cisco UCS Director Express for Big Data	<=3.7.3.0

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E

Frequently Asked Questions

What is the severity of CVE-2020-3251?
The severity of CVE-2020-3251 is critical with a CVSS score of 8.8.
What are the affected versions of Cisco UCS Director and Cisco UCS Director Express for Big Data for CVE-2020-3251?
The affected versions of Cisco UCS Director are 6.0.0.0, 6.0.0.1, 6.0.1.0, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.5.0.0, 6.5.0.1, 6.5.0.2, 6.5.0.3, 6.5.0.4, 6.6.0.0, 6.6.1.0, 6.6.2.0, 6.7.0.0, 6.7.1.0, 6.7.2.0, and 6.7.3.0. The affected version of Cisco UCS Director Express for Big Data is up to and inclusive of 3.7.3.0.
What are the vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data for CVE-2020-3251?
The vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data for CVE-2020-3251 allow a remote attacker to bypass authentication or conduct directory traversal attacks.
How can a remote attacker exploit CVE-2020-3251?
A remote attacker can exploit CVE-2020-3251 by bypassing authentication or conducting directory traversal attacks.
Where can I find more information about CVE-2020-3251?
You can find more information about CVE-2020-3251 in the Cisco Security Advisory at the following URL: [https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E].

collector/nvd-index
agent/weakness
agent/softwarecombine
agent/type
collector/mitre-cve
source/MITRE
agent/title
agent/author
agent/severity
agent/references
agent/last-modified-date
agent/tags
agent/first-publish-date
agent/event
agent/description
vendor/cisco
canonical/cisco ucs director
version/cisco ucs director/6.0.0.0
version/cisco ucs director/6.0.0.1
version/cisco ucs director/6.0.1.0
version/cisco ucs director/6.0.1.1
version/cisco ucs director/6.0.1.2
version/cisco ucs director/6.0.1.3
version/cisco ucs director/6.5.0.0
version/cisco ucs director/6.5.0.1
version/cisco ucs director/6.5.0.2
version/cisco ucs director/6.5.0.3
version/cisco ucs director/6.5.0.4
version/cisco ucs director/6.6.0.0
version/cisco ucs director/6.6.1.0
version/cisco ucs director/6.6.2.0
version/cisco ucs director/6.7.0.0
version/cisco ucs director/6.7.1.0
version/cisco ucs director/6.7.2.0
version/cisco ucs director/6.7.3.0
canonical/cisco ucs director express for big data
version/cisco ucs director express for big data/3.7.3.0

CVE-2020-3251: Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-3251?

What are the affected versions of Cisco UCS Director and Cisco UCS Director Express for Big Data for CVE-2020-3251?

What are the vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data for CVE-2020-3251?

How can a remote attacker exploit CVE-2020-3251?

Where can I find more information about CVE-2020-3251?

Company

Resources

Contact