CVE-2020-3329 - Unspecified vulnerability in Cisco products
Summary
A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. The vulnerability is due to incorrect allocation of the enable/disable action button under the role-based access control code on an affected system. An attacker could exploit this vulnerability by authenticating as a read-only user and then updating the roles of other users to disable them. A successful exploit could allow the attacker to disable users, including administrative users.
Nessus
NASL family | CISCO |
NASL id | CISCO-SA-UCSD-AR6BAGUZ.NASL |
description | According to its self-reported version, the remote host is running a version of Cisco UCS Director that is affected by a role-based access control vulnerability. A remote authenticated attacker could exploit this vulnerability by updating the roles of other users to disable them. A successful exploit could allow the attacker to disable users, including administrative users. Note that Nessus has not tested for this issue but has instead relied only on the application |
last seen | 2020-06-10 |
modified | 2020-06-04 |
plugin id | 137134 |
published | 2020-06-04 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/137134 |
title | Cisco UCS Director for Role-Based Access Control (cisco-sa-ucsd-Ar6BAguz) |