A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. The vulnerability is due to incorrect allocation of the enable/disable action button under the role-based access control code on an affected system. An attacker could exploit this vulnerability by authenticating as a read-only user and then updating the roles of other users to disable them. A successful exploit could allow the attacker to disable users, including administrative users.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 15 Nov 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2024-11-15T17:26:11.223Z

Reserved: 2019-12-12T00:00:00

Link: CVE-2020-3329

cve-icon Vulnrichment

Updated: 2024-08-04T07:30:57.873Z

cve-icon NVD

Status : Modified

Published: 2020-05-06T17:15:13.963

Modified: 2024-11-21T05:30:48.813

Link: CVE-2020-3329

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.