A vulnerability in the orchestration tasks of Cisco UCS Director could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input on the web-based management interface. An attacker could exploit this vulnerability by creating a task with specific configuration parameters. A successful exploit could allow the attacker to overwrite arbitrary files in the file system of an affected device.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 15 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2024-11-15T16:59:57.363Z

Reserved: 2019-12-12T00:00:00

Link: CVE-2020-3241

cve-icon Vulnrichment

Updated: 2024-08-04T07:30:56.529Z

cve-icon NVD

Status : Modified

Published: 2020-06-18T03:15:11.183

Modified: 2024-11-21T05:30:38.357

Link: CVE-2020-3241

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.