CVE-2020-3250 – Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
https://notcve.org/view.php?id=CVE-2020-3250
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco UCS Director.
• http://packetstormsecurity.com/files/157955/Cisco-UCS-Director-Cloupia-Script-Remote-Code-Execution.html
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E
• https://www.zerodayinitiative.com/advisories/ZDI-20-538
• https://srcincite.io/blog/2020/04/17/strike-three-symlinking-your-way-to-unauthenticated-access-against-cisco-ucs-director.html
• https://srcincite.io/pocs/src-2020-0014.py.txt
• CWE-20: Improper Input Validation
• CWE-269: Improper Privilege Management
CVE-2020-3249 – Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
https://notcve.org/view.php?id=CVE-2020-3249
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. This vulnerability allows remote attackers to overwrite arbitrary files on affected installations of Cisco UCS Director.
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E
• https://www.zerodayinitiative.com/advisories/ZDI-20-544
• CWE-20: Improper Input Validation
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-3248 – Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
https://notcve.org/view.php?id=CVE-2020-3248
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco UCS Director.
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E
• https://www.zerodayinitiative.com/advisories/ZDI-20-543
• CWE-20: Improper Input Validation
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-3247 – Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
https://notcve.org/view.php?id=CVE-2020-3247
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco UCS Director.
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E
• https://www.zerodayinitiative.com/advisories/ZDI-20-541
• CWE-20: Improper Input Validation
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-3243 – Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
https://notcve.org/view.php?id=CVE-2020-3243
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. This vulnerability allows remote attackers to bypass authentication on affected installations of Cisco UCS Director.
• http://packetstormsecurity.com/files/157955/Cisco-UCS-Director-Cloupia-Script-Remote-Code-Execution.html
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E
• https://www.zerodayinitiative.com/advisories/ZDI-20-540
• https://srcincite.io/blog/2020/04/17/strike-three-symlinking-your-way-to-unauthenticated-access-against-cisco-ucs-director.html
• https://srcincite.io/pocs/src-2020-0014.py.txt
• CWE-20: Improper Input Validation
• CWE-269: Improper Privilege Management