CVE-2020-3243

CRITICAL

Cisco UCS Director - Auth Bypass/Path Traversal

Title source: llm

Description

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Exploits (1)

metasploit WORKING POC EXCELLENT
by mr_me, wvu · ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/cisco_ucs_cloupia_script_rce.rb

Scores

CVSS v3 9.8
EPSS 0.9020
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-269, CWE-20
Status published
Products (19)
cisco/ucs_director 6.0.0.0
cisco/ucs_director 6.0.0.1
cisco/ucs_director 6.0.1.0
cisco/ucs_director 6.0.1.1
cisco/ucs_director 6.0.1.2
cisco/ucs_director 6.0.1.3
cisco/ucs_director 6.5.0.0
cisco/ucs_director 6.5.0.1
cisco/ucs_director 6.5.0.2
cisco/ucs_director 6.5.0.3
... and 9 more
Published Apr 15, 2020
Tracked Since Feb 18, 2026