Vulnerabilities > CVE-2020-3329 - Unspecified vulnerability in Cisco products

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
cisco
nessus

Summary

A vulnerability in role-based access control of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow a read-only authenticated, remote attacker to disable user accounts on an affected system. The vulnerability is due to incorrect allocation of the enable/disable action button under the role-based access control code on an affected system. An attacker could exploit this vulnerability by authenticating as a read-only user and then updating the roles of other users to disable them. A successful exploit could allow the attacker to disable users, including administrative users.

Vulnerable Configurations

Part Description Count
Application
Cisco
91

Nessus

NASL familyCISCO
NASL idCISCO-SA-UCSD-AR6BAGUZ.NASL
descriptionAccording to its self-reported version, the remote host is running a version of Cisco UCS Director that is affected by role-Based Access Control vulnerability. A remote authenticated attacker could exploit this vulnerability by updating the roles of other users to disable them. A successful exploit could allow the attacker to disable users, including administrative users. Note that Nessus has not tested for this issue but has instead relied only on the application
last seen2020-06-10
modified2020-06-04
plugin id137134
published2020-06-04
reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/137134
titleCisco UCS Director for Role-Based Access Control (cisco-sa-ucsd-Ar6BAguz)