Cisco UCS Director Information Disclosure Vulnerability
CVE-2020-3242

4.9MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Unified Computing System (management Software)
Vendor: CVE Published:; 18 June 2020

Badges

👾 Exploit Exists

Summary

A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. The vulnerability exists because confidential information is returned as part of an API response. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to obtain the API key of another user, which would allow the attacker to impersonate the account of that user on the affected device. To exploit this vulnerability, the attacker must have administrative privileges on the device.

Affected Version(s)

Cisco Unified Computing System (Management Software)

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
Jun 18, 2020
Vulnerability Reserved
Dec 12, 2019