Lucene search
Steven Seeley (mr_me) of Source InciteZDI-20-540HistoryApr 16, 2020 - 12:00 a.m.
Cisco UCS Director isEnableRestKeyAccessCheckForUser Authentication Bypass Vulnerability
2020-04-1600:00:00
Steven Seeley (mr_me) of Source Incite
www.zerodayinitiative.com
14
EPSS
0.968
Percentile
99.7%
This vulnerability allows remote attackers to bypass authentication on affected installations of Cisco UCS Director. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the X-Cloupia-Request-Key field in requests. The issue results from the lack of proper validation of the user-supplied field prior to using it in authentication operations. An attacker can leverage this vulnerability to bypass authentication on the system.
Related
nvd
nvd
CVE-2020-3243
2020-04-15 21:15:35
cve
cve
CVE-2020-3243
2020-04-15 21:15:35
prion
prion
Directory traversal
2020-04-15 21:15:00
cvelist
cvelist
dsquare
dsquare
Cisco UCS Director Directory Traversal
2021-03-08 00:00:00
packetstorm
packetstorm
Cisco UCS Director Cloupia Script Remote Code Execution
2020-06-05 00:00:00
metasploit
metasploit
Cisco UCS Director Cloupia Script RCE
2020-06-03 03:13:07
zdt
zdt
Cisco UCS Director Cloupia Script Remote Code Execution Exploit
2020-06-08 00:00:00
nessus
nessus
cisco
cisco
threatpost
threatpost
Cisco IP Phone Harbors Critical RCE Flaw
2020-04-16 18:49:27