E20-10x31
CVSS:
8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
False Positive:
t
Variants:
1
Year:
2020
Description
A directory traversal vulnerability exists in Cisco UCS Directory.
The vulnerability is due to insufficient validation of user input within 'ApplianceStorageUtil' class.
A remote authenticated attacker can exploit the vulnerability by sending malicious requests to the target server.
Successful exploitation could result in the arbitrary file write and remote code execution under the security context of web server.
CVE
References
Metasploit
http://www.zerodayinitiative.com/advisories/ZDI-20-539
Zdi
20-539