VDB
CNVD-2020-25352
CNVD-2020-25352
PUBLISHED
Cisco UCS Director是美国思科(Cisco)公司的一套私有云基础架构即服务(IaaS)的异构平台。 Cisco UCS Director中的REST API端点存在路径遍历漏洞,该漏洞源于程序未能充分验证发送到REST API的用户输入,远程攻击者可通过发送特制的请求利用该漏洞读取系统上的任意文件。
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco UCS Director 6.0.0.0 | ||
| Cisco UCS Director 6.5.0.3 | ||
| Cisco UCS Director 6.0.0.1 | ||
| Cisco UCS Director 6.0.1.2 | ||
| Cisco UCS Director 6.5.0.4 | ||
| Cisco UCS Director 6.6.2.0 | ||
| Cisco UCS Director 6.5.0.0 | ||
| Cisco UCS Director 6.5.0.2 | ||
| Cisco UCS Director 6.7.2.0 | ||
| Cisco UCS Director 6.6.0.0 | ||
| Cisco UCS Director 6.7.0.0 | ||
| Cisco UCS Director 6.5.0.1 | ||
| Cisco UCS Director 6.0.1.0 | ||
| Cisco UCS Director 6.0.1.1 | ||
| Cisco UCS Director 6.7.3.0 | ||
| Cisco UCS Director 6.7.1.0 | ||
| Cisco UCS Director 6.0.1.3 | ||
| Cisco UCS Director 6.6.1.0 |
Timeline
- Apr 16, 2020 CVE ID Reserved
- Apr 28, 2020 CVE Published