CWE: 284

CVE-2020-3329: Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Role-Based Access Control Vulnerability

First published: Wed May 06 2020 (Updated: )

A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. The vulnerability is due to incorrect allocation of the enable/disable action button under the role-based access control code on an affected system. An attacker could exploit this vulnerability by authenticating as a read-only user and then updating the roles of other users to disable them. A successful exploit could allow the attacker to disable users, including administrative users.
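As an added illustration (not Cisco's code, and making no claim about how the affected products are implemented), the flawed pattern this advisory describes beside the corrected design: in the vulnerable handler the only gate on the enable/disable action is which buttons the UI allocated to a role, while the hardened handler re-checks an explicit role-to-permission table on every request and audits the decision. Role names, action names and the `User`/`AuditLog` types are assumptions.

```python
# Added example, not Cisco's code: one role/permission table drives both the
# actions the UI offers and the server-side check in the request handler, so a
# misallocated "disable" button cannot by itself grant the capability.
from dataclasses import dataclass, field

# Hypothetical permission matrix; role and action names are assumptions.
PERMISSIONS = {
    "admin": frozenset({"user:read", "user:update_role", "user:set_enabled"}),
    "read-only": frozenset({"user:read"}),
}

@dataclass
class User:
    name: str
    role: str
    enabled: bool = True

@dataclass
class AuditLog:
    events: list = field(default_factory=list)

def is_allowed(actor: User, action: str) -> bool:
    """Single source of truth for every RBAC decision."""
    return action in PERMISSIONS.get(actor.role, frozenset())

def ui_actions_for(actor: User) -> set:
    """Buttons to render are derived from the same table, never the reverse."""
    return {a for a in PERMISSIONS.get(actor.role, ()) if a != "user:read"}

def set_enabled_vulnerable(actor: User, target: User, enabled: bool) -> bool:
    # Flawed pattern modelled on the advisory: the only gate was the UI button
    # allocation, so any authenticated request that arrives is honoured.
    target.enabled = enabled
    return True

def set_enabled(actor: User, target: User, enabled: bool, audit: AuditLog) -> bool:
    """Hardened handler: re-check the permission per request and record it."""
    allowed = is_allowed(actor, "user:set_enabled")
    audit.events.append(f"{'ALLOW' if allowed else 'DENY'} {actor.name}"
                        f"({actor.role}) set_enabled {target.name}={enabled}")
    if not allowed:
        return False
    target.enabled = enabled
    return True
```

The audit line written on every decision, including denials, is what lets an operator spot a read-only account attempting to disable administrators.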

Credit: ykramarz@cisco.com

Affected Software | Affected Version | How to fix
--- | --- | ---
Cisco Integrated Management Controller Supervisor | >= 1.1.0.0, < 2.2.1.3 |
Cisco UCS Director | >= 5.4.0.0, < 6.7.4.0 |
Cisco UCS Director Express for Big Data | >= 2.0.0.0, < 3.7.4.0 |


Frequently Asked Questions

  • What is CVE-2020-3329?

    CVE-2020-3329 is a vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data that could allow a read-only authenticated, remote attacker to disable user accounts on an affected system.

  • How does CVE-2020-3329 affect Cisco Integrated Management Controller Supervisor?

    CVE-2020-3329 affects Cisco Integrated Management Controller Supervisor versions from 1.1.0.0 up to, but not including, 2.2.1.3, allowing a read-only authenticated, remote attacker to disable user accounts.

  • How does CVE-2020-3329 affect Cisco UCS Director?

    CVE-2020-3329 affects Cisco UCS Director versions from 5.4.0.0 up to, but not including, 6.7.4.0, allowing a read-only authenticated, remote attacker to disable user accounts.

  • How does CVE-2020-3329 affect Cisco UCS Director Express for Big Data?

    CVE-2020-3329 affects Cisco UCS Director Express for Big Data versions from 2.0.0.0 up to, but not including, 3.7.4.0, allowing a read-only authenticated, remote attacker to disable user accounts.

  • What is the severity of CVE-2020-3329?

    The severity of CVE-2020-3329 is medium, with a severity score of 4.3.
