CVE-2020-3470
Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities
Public Exploits: 0
Exploited in Wild: -
Descriptions
Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS).
Timeline
- 2019-12-12 CVE Reserved
- 2020-11-18 CVE Published
- 2024-09-07 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Cisco | Enterprise Nfv Infrastructure Software | < 4.4.1 | - | Affected | in | Cisco | Enterprise Network Compute System 5100 | - | - | Safe |
Cisco | Enterprise Nfv Infrastructure Software | < 4.4.1 | - | Affected | in | Cisco | Enterprise Network Compute System 5400 | - | - | Safe |
Cisco | Integrated Management Controller | >= 4.0(1a) <= 4.0(4l) | - | Affected | in | Cisco | C125 M5 | - | - | Safe |
Cisco | Integrated Management Controller | >= 4.0(1a) <= 4.0(4l) | - | Affected | in | Cisco | C220 M5 | - | - | Safe |
Cisco | Integrated Management Controller | >= 4.0(1a) <= 4.0(4l) | - | Affected | in | Cisco | C240 M5 | - | - | Safe |
Cisco | Integrated Management Controller | >= 4.0(1a) <= 4.0(4l) | - | Affected | in | Cisco | C480 M5 | - | - | Safe |
Cisco | Integrated Management Controller | >= 4.0(1a) <= 4.0(4l) | - | Affected | in | Cisco | C480 Ml M5 | - | - | Safe |
Cisco | Integrated Management Controller | >= 3.0(1c) <= 3.0(4q) | - | Affected | in | Cisco | Ucs C220 M4 | - | - | Safe |
Cisco | Integrated Management Controller | >= 3.0(1c) <= 3.0(4q) | - | Affected | in | Cisco | Ucs C460 M4 | - | - | Safe |
Cisco | Integrated Management Controller | >= 4.0(1a) <= 4.0(2l) | - | Affected | in | Cisco | Ucs C220 M4 | - | - | Safe |
Cisco | Integrated Management Controller | >= 4.0(1a) <= 4.0(2l) | - | Affected | in | Cisco | Ucs C460 M4 | - | - | Safe |
Cisco | Integrated Management Controller | >= 4.1(1c) <= 4.1(1f) | - | Affected | in | Cisco | Ucs C220 M4 | - | - | Safe |
Cisco | Integrated Management Controller | >= 4.1(1c) <= 4.1(1f) | - | Affected | in | Cisco | Ucs C460 M4 | - | - | Safe |
Cisco | Integrated Management Controller | >= 3.0(1c) <= 3.0(4q) | - | Affected | in | Cisco | Ucs C22 M3 | - | - | Safe |
Cisco | Integrated Management Controller | >= 3.0(1c) <= 3.0(4q) | - | Affected | in | Cisco | Ucs C220 M3 | - | - | Safe |
Cisco | Integrated Management Controller | >= 3.0(1c) <= 3.0(4q) | - | Affected | in | Cisco | Ucs C24 M3 | - | - | Safe |
Cisco | Integrated Management Controller | >= 3.0(1c) <= 3.0(4q) | - | Affected | in | Cisco | Ucs C240 M3 | - | - | Safe |
Cisco | Integrated Management Controller | >= 3.0(1c) <= 3.0(4q) | - | Affected | in | Cisco | Ucs C420 M3 | - | - | Safe |
Cisco | Integrated Management Controller | < 3.2.11.3 | - | Affected | in | Cisco | Ucs E-series M1 | - | - | Safe |
Cisco | Integrated Management Controller | < 3.2.11.3 | - | Affected | in | Cisco | Ucs E-series M2 | - | - | Safe |
Cisco | Integrated Management Controller | < 3.2.11.3 | - | Affected | in | Cisco | Ucs E-series M3 | - | - | Safe |
Cisco | Integrated Management Controller | >= 3.1 <= 4.0(4l) | - | Affected | in | Cisco | Ucs S3260 | - | - | Safe |
Cisco | Integrated Management Controller | >= 4.1(1c) <= 4.1(1f) | - | Affected | in | Cisco | Ucs S3260 | - | - | Safe |
Cisco | Integrated Management Controller | >= 3.0(1c) <= 3.0(4q) | - | Affected | in | Cisco | Ucs S3160 | - | - | Safe |