CVE-2020-3470 - Vulnerability Details

Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.03203.

Exploitation none

Automatable yes

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Cisco

Cisco Unified Computing System (Standalone)

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

cpe:2.3:a:cisco:enterprise_nfv_infrastructure_software:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:enterprise_network_compute_system_5100:-:::::::*
	cpe:2.3:h:cisco:enterprise_network_compute_system_5400:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:a:cisco:integrated_management_controller:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:c125_m5:-:::::::*
	cpe:2.3:h:cisco:c220_m5:-:::::::*
	cpe:2.3:h:cisco:c240_m5:-:::::::*
	cpe:2.3:h:cisco:c480_m5:-:::::::*
	cpe:2.3:h:cisco:c480_ml_m5:-:::::::*

Configuration 3 [-]

AND

OR	cpe:2.3:a:cisco:integrated_management_controller::::::::
	cpe:2.3:a:cisco:integrated_management_controller::::::::
	cpe:2.3:a:cisco:integrated_management_controller::::::::

OR	cpe:2.3:h:cisco:ucs_c220_m4:-:::::::*
	cpe:2.3:h:cisco:ucs_c460_m4:-:::::::*

Configuration 4 [-]

AND

cpe:2.3:a:cisco:integrated_management_controller:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:ucs_c22_m3:-:::::::*
	cpe:2.3:h:cisco:ucs_c220_m3:-:::::::*
	cpe:2.3:h:cisco:ucs_c24_m3:-:::::::*
	cpe:2.3:h:cisco:ucs_c240_m3:-:::::::*
	cpe:2.3:h:cisco:ucs_c420_m3:-:::::::*

Configuration 5 [-]

AND

cpe:2.3:a:cisco:integrated_management_controller:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:ucs_e-series_m1:-:::::::*
	cpe:2.3:h:cisco:ucs_e-series_m2:-:::::::*
	cpe:2.3:h:cisco:ucs_e-series_m3:-:::::::*

Configuration 6 [-]

AND

OR	cpe:2.3:a:cisco:integrated_management_controller::::::::
	cpe:2.3:a:cisco:integrated_management_controller::::::::

cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:a:cisco:integrated_management_controller:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ucs_s3160:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Cisco Subscribe	C125 M5 Subscribe C220 M5 Subscribe C240 M5 Subscribe C480 M5 Subscribe C480 Ml M5 Subscribe Enterprise Network Compute System 5100 Subscribe Enterprise Network Compute System 5400 Subscribe Enterprise Nfv Infrastructure Software Subscribe Integrated Management Controller Subscribe Ucs C220 M3 Subscribe Ucs C220 M4 Subscribe Ucs C22 M3 Subscribe Ucs C240 M3 Subscribe Ucs C24 M3 Subscribe Ucs C420 M3 Subscribe Ucs C460 M4 Subscribe Ucs E-series M1 Subscribe Ucs E-series M2 Subscribe Ucs E-series M3 Subscribe Ucs S3160 Subscribe Ucs S3260 Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2020-24741	Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS).

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-api-rce-UXwpeDHd

History

Wed, 13 Nov 2024 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2020-11-18T17:41:18.106724Z

Updated: 2024-11-13T17:37:58.871Z

Reserved: 2019-12-12T00:00:00

Link: CVE-2020-3470

Vulnrichment

Updated: 2024-08-04T07:37:54.149Z

NVD

Status : Modified

Published: 2020-11-18T19:15:12.540

Modified: 2024-11-21T05:31:08.060

Link: CVE-2020-3470

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation none

Automatable yes

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object