Lucene search
Steven Seeley (mr_me) of Source InciteZDI-20-542HistoryApr 16, 2020 - 12:00 a.m.
Cisco UCS Director ScriptModuleAddJarPage Directory Traversal Remote Code Execution Vulnerability
2020-04-1600:00:00
Steven Seeley (mr_me) of Source Incite
www.zerodayinitiative.com
12
0.112 Low
EPSS
Percentile
95.2%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco UCS Director. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ScriptModuleAddJarPage method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the tomcatu account.
Related
cvelist
cvelist
nvd
nvd
CVE-2020-3240
2020-04-15 21:15:35
prion
prion
Directory traversal
2020-04-15 21:15:00
cve
cve
CVE-2020-3240
2020-04-15 21:15:35
checkpoint_advisories
checkpoint_advisories
nessus
nessus
cisco
cisco
threatpost
threatpost
Cisco IP Phone Harbors Critical RCE Flaw
2020-04-16 18:49:27