cisco-sa-20200108-ucs-dir-infodis: Cisco UCS Director Information Disclosure Vulnerability
First published: Wed Jan 08 2020(Updated: )
A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to download system log files from an affected device. The vulnerability is due to an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to download log files if they were previously generated by an administrator. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-ucs-dir-infodis
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco UCS Director |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of Cisco SA 2020-01-08 UCS Director Information Disclosure Vulnerability?
The severity of Cisco SA 2020-01-08 UCS Director Information Disclosure Vulnerability is high.
How do I fix Cisco SA 2020-01-08 UCS Director Information Disclosure Vulnerability?
To fix Cisco SA 2020-01-08 UCS Director Information Disclosure Vulnerability, update to the latest version of Cisco UCS Director that addresses this vulnerability.
Who is affected by Cisco SA 2020-01-08 UCS Director Information Disclosure Vulnerability?
Organizations using an affected version of Cisco UCS Director are at risk from Cisco SA 2020-01-08 UCS Director Information Disclosure Vulnerability.
What type of attack does Cisco SA 2020-01-08 UCS Director Information Disclosure Vulnerability enable?
Cisco SA 2020-01-08 UCS Director Information Disclosure Vulnerability allows unauthenticated remote attackers to download sensitive system log files.
Is authentication bypass the primary issue in Cisco SA 2020-01-08 UCS Director Information Disclosure Vulnerability?
Yes, the primary issue in Cisco SA 2020-01-08 UCS Director Information Disclosure Vulnerability is a flaw in the authentication logic of the web-based management interface.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- collector/cisco-advisory
- source/Cisco
- agent/weakness
- agent/title
- agent/severity
- agent/references
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco ucs director