CVE-2020-3470

Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS).

Múltiples vulnerabilidades en el subsistema API de Cisco Integrated Management Controller (IMC), podrían permitir a un atacante remoto no autenticado ejecutar código arbitrario con privilegios root. Las vulnerabilidades son debido a comprobaciones de límites inapropiadas para determinada entrada suministrada por el usuario. Un atacante podría explotar estas vulnerabilidades mediante el envío una petición HTTP diseñada hacia el subsistema API de un sistema afectado. Cuando esta petición es procesada, puede ocurrir una condición de desbordamiento de búfer explotable. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario con privilegios root en el sistema operativo subyacente (SO)

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2019-12-12 CVE Reserved
2020-11-18 CVE Published
2024-09-07 EPSS Updated
2024-11-13 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-api-rce-UXwpeDHd	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"	Enterprise Nfv Infrastructure Software Search vendor "Cisco" for product "Enterprise Nfv Infrastructure Software"	< 4.4.1 Search vendor "Cisco" for product "Enterprise Nfv Infrastructure Software" and version " < 4.4.1"	-	Affected	in	Cisco Search vendor "Cisco"	Enterprise Network Compute System 5100 Search vendor "Cisco" for product "Enterprise Network Compute System 5100"	-	-	Safe
Cisco Search vendor "Cisco"	Enterprise Nfv Infrastructure Software Search vendor "Cisco" for product "Enterprise Nfv Infrastructure Software"	< 4.4.1 Search vendor "Cisco" for product "Enterprise Nfv Infrastructure Software" and version " < 4.4.1"	-	Affected	in	Cisco Search vendor "Cisco"	Enterprise Network Compute System 5400 Search vendor "Cisco" for product "Enterprise Network Compute System 5400"	-	-	Safe
Cisco Search vendor "Cisco"	Integrated Management Controller Search vendor "Cisco" for product "Integrated Management Controller"	>= 4.0\(1a\) <= 4.0\(4l\) Search vendor "Cisco" for product "Integrated Management Controller" and version " >= 4.0\(1a\) <= 4.0\(4l\)"	-	Affected	in	Cisco Search vendor "Cisco"	C125 M5 Search vendor "Cisco" for product "C125 M5"	-	-	Safe
Cisco Search vendor "Cisco"	Integrated Management Controller Search vendor "Cisco" for product "Integrated Management Controller"	>= 4.0\(1a\) <= 4.0\(4l\) Search vendor "Cisco" for product "Integrated Management Controller" and version " >= 4.0\(1a\) <= 4.0\(4l\)"	-	Affected	in	Cisco Search vendor "Cisco"	C220 M5 Search vendor "Cisco" for product "C220 M5"	-	-	Safe
Cisco Search vendor "Cisco"	Integrated Management Controller Search vendor "Cisco" for product "Integrated Management Controller"	>= 4.0\(1a\) <= 4.0\(4l\) Search vendor "Cisco" for product "Integrated Management Controller" and version " >= 4.0\(1a\) <= 4.0\(4l\)"	-	Affected	in	Cisco Search vendor "Cisco"	C240 M5 Search vendor "Cisco" for product "C240 M5"	-	-	Safe
Cisco Search vendor "Cisco"	Integrated Management Controller Search vendor "Cisco" for product "Integrated Management Controller"	>= 4.0\(1a\) <= 4.0\(4l\) Search vendor "Cisco" for product "Integrated Management Controller" and version " >= 4.0\(1a\) <= 4.0\(4l\)"	-	Affected	in	Cisco Search vendor "Cisco"	C480 M5 Search vendor "Cisco" for product "C480 M5"	-	-	Safe
Cisco Search vendor "Cisco"	Integrated Management Controller Search vendor "Cisco" for product "Integrated Management Controller"	>= 4.0\(1a\) <= 4.0\(4l\) Search vendor "Cisco" for product "Integrated Management Controller" and version " >= 4.0\(1a\) <= 4.0\(4l\)"	-	Affected	in	Cisco Search vendor "Cisco"	C480 Ml M5 Search vendor "Cisco" for product "C480 Ml M5"	-	-	Safe
Cisco Search vendor "Cisco"	Integrated Management Controller Search vendor "Cisco" for product "Integrated Management Controller"	>= 3.0\(1c\) <= 3.0\(4q\) Search vendor "Cisco" for product "Integrated Management Controller" and version " >= 3.0\(1c\) <= 3.0\(4q\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ucs C220 M4 Search vendor "Cisco" for product "Ucs C220 M4"	-	-	Safe
Cisco Search vendor "Cisco"	Integrated Management Controller Search vendor "Cisco" for product "Integrated Management Controller"	>= 3.0\(1c\) <= 3.0\(4q\) Search vendor "Cisco" for product "Integrated Management Controller" and version " >= 3.0\(1c\) <= 3.0\(4q\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ucs C460 M4 Search vendor "Cisco" for product "Ucs C460 M4"	-	-	Safe
Cisco Search vendor "Cisco"	Integrated Management Controller Search vendor "Cisco" for product "Integrated Management Controller"	>= 4.0\(1a\) <= 4.0\(2l\) Search vendor "Cisco" for product "Integrated Management Controller" and version " >= 4.0\(1a\) <= 4.0\(2l\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ucs C220 M4 Search vendor "Cisco" for product "Ucs C220 M4"	-	-	Safe
Cisco Search vendor "Cisco"	Integrated Management Controller Search vendor "Cisco" for product "Integrated Management Controller"	>= 4.0\(1a\) <= 4.0\(2l\) Search vendor "Cisco" for product "Integrated Management Controller" and version " >= 4.0\(1a\) <= 4.0\(2l\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ucs C460 M4 Search vendor "Cisco" for product "Ucs C460 M4"	-	-	Safe
Cisco Search vendor "Cisco"	Integrated Management Controller Search vendor "Cisco" for product "Integrated Management Controller"	>= 4.1\(1c\) <= 4.1\(1f\) Search vendor "Cisco" for product "Integrated Management Controller" and version " >= 4.1\(1c\) <= 4.1\(1f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ucs C220 M4 Search vendor "Cisco" for product "Ucs C220 M4"	-	-	Safe
Cisco Search vendor "Cisco"	Integrated Management Controller Search vendor "Cisco" for product "Integrated Management Controller"	>= 4.1\(1c\) <= 4.1\(1f\) Search vendor "Cisco" for product "Integrated Management Controller" and version " >= 4.1\(1c\) <= 4.1\(1f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ucs C460 M4 Search vendor "Cisco" for product "Ucs C460 M4"	-	-	Safe
Cisco Search vendor "Cisco"	Integrated Management Controller Search vendor "Cisco" for product "Integrated Management Controller"	>= 3.0\(1c\) <= 3.0\(4q\) Search vendor "Cisco" for product "Integrated Management Controller" and version " >= 3.0\(1c\) <= 3.0\(4q\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ucs C22 M3 Search vendor "Cisco" for product "Ucs C22 M3"	-	-	Safe
Cisco Search vendor "Cisco"	Integrated Management Controller Search vendor "Cisco" for product "Integrated Management Controller"	>= 3.0\(1c\) <= 3.0\(4q\) Search vendor "Cisco" for product "Integrated Management Controller" and version " >= 3.0\(1c\) <= 3.0\(4q\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ucs C220 M3 Search vendor "Cisco" for product "Ucs C220 M3"	-	-	Safe
Cisco Search vendor "Cisco"	Integrated Management Controller Search vendor "Cisco" for product "Integrated Management Controller"	>= 3.0\(1c\) <= 3.0\(4q\) Search vendor "Cisco" for product "Integrated Management Controller" and version " >= 3.0\(1c\) <= 3.0\(4q\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ucs C24 M3 Search vendor "Cisco" for product "Ucs C24 M3"	-	-	Safe
Cisco Search vendor "Cisco"	Integrated Management Controller Search vendor "Cisco" for product "Integrated Management Controller"	>= 3.0\(1c\) <= 3.0\(4q\) Search vendor "Cisco" for product "Integrated Management Controller" and version " >= 3.0\(1c\) <= 3.0\(4q\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ucs C240 M3 Search vendor "Cisco" for product "Ucs C240 M3"	-	-	Safe
Cisco Search vendor "Cisco"	Integrated Management Controller Search vendor "Cisco" for product "Integrated Management Controller"	>= 3.0\(1c\) <= 3.0\(4q\) Search vendor "Cisco" for product "Integrated Management Controller" and version " >= 3.0\(1c\) <= 3.0\(4q\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ucs C420 M3 Search vendor "Cisco" for product "Ucs C420 M3"	-	-	Safe
Cisco Search vendor "Cisco"	Integrated Management Controller Search vendor "Cisco" for product "Integrated Management Controller"	< 3.2.11.3 Search vendor "Cisco" for product "Integrated Management Controller" and version " < 3.2.11.3"	-	Affected	in	Cisco Search vendor "Cisco"	Ucs E-series M1 Search vendor "Cisco" for product "Ucs E-series M1"	-	-	Safe
Cisco Search vendor "Cisco"	Integrated Management Controller Search vendor "Cisco" for product "Integrated Management Controller"	< 3.2.11.3 Search vendor "Cisco" for product "Integrated Management Controller" and version " < 3.2.11.3"	-	Affected	in	Cisco Search vendor "Cisco"	Ucs E-series M2 Search vendor "Cisco" for product "Ucs E-series M2"	-	-	Safe
Cisco Search vendor "Cisco"	Integrated Management Controller Search vendor "Cisco" for product "Integrated Management Controller"	< 3.2.11.3 Search vendor "Cisco" for product "Integrated Management Controller" and version " < 3.2.11.3"	-	Affected	in	Cisco Search vendor "Cisco"	Ucs E-series M3 Search vendor "Cisco" for product "Ucs E-series M3"	-	-	Safe
Cisco Search vendor "Cisco"	Integrated Management Controller Search vendor "Cisco" for product "Integrated Management Controller"	>= 3.1 <= 4.0\(4l\) Search vendor "Cisco" for product "Integrated Management Controller" and version " >= 3.1 <= 4.0\(4l\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ucs S3260 Search vendor "Cisco" for product "Ucs S3260"	-	-	Safe
Cisco Search vendor "Cisco"	Integrated Management Controller Search vendor "Cisco" for product "Integrated Management Controller"	>= 4.1\(1c\) <= 4.1\(1f\) Search vendor "Cisco" for product "Integrated Management Controller" and version " >= 4.1\(1c\) <= 4.1\(1f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ucs S3260 Search vendor "Cisco" for product "Ucs S3260"	-	-	Safe
Cisco Search vendor "Cisco"	Integrated Management Controller Search vendor "Cisco" for product "Integrated Management Controller"	>= 3.0\(1c\) <= 3.0\(4q\) Search vendor "Cisco" for product "Integrated Management Controller" and version " >= 3.0\(1c\) <= 3.0\(4q\)"	-	Affected	in	Cisco Search vendor "Cisco"	Ucs S3160 Search vendor "Cisco" for product "Ucs S3160"	-	-	Safe