Page 3 of 26 results (0.002 seconds)

CVSS: 10.0EPSS: 43%CPEs: 19EXPL: 0

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la API REST de Cisco UCS Director y Cisco UCS Director Express para Big Data, pueden permitir a un atacante remoto omitir la autenticación o conducir ataques de salto de directorio sobre un dispositivo afectado. Para mayor información acerca de estas vulnerabilidades, consulte la sección Detalles de este aviso. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco UCS Director. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E https://www.zerodayinitiative.com/advisories/ZDI-20-543 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 10.0EPSS: 43%CPEs: 19EXPL: 0

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la API REST de Cisco UCS Director y Cisco UCS Director Express para Big Data, pueden permitir a un atacante remoto omitir la autenticación o conducir ataques de salto de directorio sobre un dispositivo afectado. Para mayor información acerca de estas vulnerabilidades, consulte la sección Detalles de este aviso. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco UCS Director. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E https://www.zerodayinitiative.com/advisories/ZDI-20-541 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 96%CPEs: 19EXPL: 0

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la API REST de Cisco UCS Director y Cisco UCS Director Express para Big Data, pueden permitir a un atacante remoto omitir la autenticación o conducir ataques de salto de directorio sobre un dispositivo afectado. Para mayor información acerca de estas vulnerabilidades, consulte la sección Detalles de este aviso. This vulnerability allows remote attackers to bypass authentication on affected installations of Cisco UCS Director. • http://packetstormsecurity.com/files/157955/Cisco-UCS-Director-Cloupia-Script-Remote-Code-Execution.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E https://www.zerodayinitiative.com/advisories/ZDI-20-540 https://srcincite.io/blog/2020/04/17/strike-three-symlinking-your-way-to-unauthenticated-access-against-cisco-ucs-director.html https://srcincite.io/pocs/src-2020-0014.py.txt • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •

CVSS: 9.8EPSS: 9%CPEs: 19EXPL: 0

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la API REST de Cisco UCS Director y Cisco UCS Director Express para Big Data, pueden permitir a un atacante remoto omitir la autenticación o conducir ataques de salto de directorio sobre un dispositivo afectado. Para mayor información acerca de estas vulnerabilidades, consulte la sección Detalles de este aviso. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco UCS Director. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E https://www.zerodayinitiative.com/advisories/ZDI-20-542 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 90%CPEs: 19EXPL: 0

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la API REST de Cisco UCS Director y Cisco UCS Director Express para Big Data, pueden permitir a un atacante remoto omitir la autenticación o conducir ataques de salto de directorio sobre un dispositivo afectado. Para mayor información acerca de estas vulnerabilidades, consulte la sección Detalles de este aviso. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco UCS Director. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E https://www.zerodayinitiative.com/advisories/ZDI-20-539 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •