HTTP: Cisco UCS Director Multiple Directory Traversal
This signature detects attempts to exploit a known vulnerability against Cisco UCS Director. A successful attack can lead to directory traversal and arbitrary code execution.
Extended Description
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Affected Products
Cisco ucs_director_express_for_big_data
Short Name
HTTP:DIR:CISCO-UCS-MUL-DIRTRV
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2020-3239 CVE-2020-3240 CVE-2020-3243 CVE-2020-3247 CVE-2020-3248 CVE-2020-3249 CVE-2020-3250 CVE-2020-3251 CVE-2020-3252 CVE-2020-9586 Cisco Director Directory Multiple Traversal UCS
Release Date
05/26/2020
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Cisco
CVSS Score
7.5
8.5
7.8
4.0
9.0
10.0
9.3