First published: Mon Aug 17 2020(Updated: )
A vulnerability in the web-based management interface of Cisco UCS Director could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need administrative credentials on the affected device.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco UCS Director | <6.7.4.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-3464 is a vulnerability in the web-based management interface of Cisco UCS Director that allows an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
CVE-2020-3464 has a severity rating of 4.8, which is considered medium.
CVE-2020-3464 affects Cisco UCS Director versions up to exclusive 6.7.4.1.
An attacker with administrative credentials can exploit CVE-2020-3464 to conduct a cross-site scripting attack against a user of the web-based management interface.
To fix CVE-2020-3464, it is recommended to upgrade Cisco UCS Director to a version beyond 6.7.4.1.