Intrusion PreventionCisco.UCS.Director.saveWindowsNetworkConfig.Directory.Traversal
Description
This indicates an attack attempt to exploit a Directory Traversal Vulnerability in Cisco Systems UCS Director.
The vulnerability is due to insufficient validation of user input in the saveWindowsNetworkConfig method. A remote authenticated attacker can exploit the vulnerability by sending malicious requests to the target server. Successful exploitation could result in arbitrary file write leading to denial of service conditions.
Affected Products
Cisco Systems UCS Director prior to 6.7.4.0
Cisco Systems UCS Director Express for Big Data prior to 3.7.4.0
Impact
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
| ID | 49452 |
| Created | Aug 26, 2020 |
| Updated | May 04, 2022 |
| Risk |
|
| CVE ID | CVE-2020-3249 |
| Exploit Prediction Score | 30.25% |
| Default Action | drop |
| Active | |
| Affected OS | Other |
| Affected App | Cisco |