Intrusion Prevention

Cisco.UCS.Director.saveWindowsNetworkConfig.Directory.Traversal

Description

This indicates an attack attempt to exploit a Directory Traversal Vulnerability in Cisco Systems UCS Director.
The vulnerability is due to insufficient validation of user input in the saveWindowsNetworkConfig method. A remote authenticated attacker can exploit the vulnerability by sending malicious requests to the target server. Successful exploitation could result in arbitrary file write leading to denial of service conditions.

Affected Products

Cisco Systems UCS Director prior to 6.7.4.0
Cisco Systems UCS Director Express for Big Data prior to 3.7.4.0

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E

CVE References

CVE-2020-3249