CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2020-3470

CVSS 9.8v3.1pub. 2020-11-18upd. 2024-11-21

Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS).

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cisco C125 M5

    HW
    Cisco
    wszystkie wersje
  • Cisco C220 M5

    HW
    Cisco
    wszystkie wersje
  • Cisco C240 M5

    HW
    Cisco
    wszystkie wersje
  • Cisco C480 M5

    HW
    Cisco
    wszystkie wersje
  • Cisco C480 Ml M5

    HW
    Cisco
    wszystkie wersje
  • Cisco Enterprise Network Compute System 5100

    HW
    Cisco
    wszystkie wersje
  • Cisco Enterprise Network Compute System 5400

    HW
    Cisco
    wszystkie wersje
  • Cisco Enterprise Nfv Infrastructure Software

    APP
    Cisco
    < 4.4.1
  • Cisco Integrated Management Controller

    APP
    Cisco
    < 3.2.11.34.0\(1a\) – 4.0\(4l\)3.0\(1c\) – 3.0\(4q\)4.0\(1a\) – 4.0\(2l\)4.1\(1c\) – 4.1\(1f\)3.1 – 4.0\(4l\)
  • Cisco Ucs C220 M3

    HW
    Cisco
    wszystkie wersje
  • Cisco Ucs C220 M4

    HW
    Cisco
    wszystkie wersje
  • Cisco Ucs C22 M3

    HW
    Cisco
    wszystkie wersje
  • Cisco Ucs C240 M3

    HW
    Cisco
    wszystkie wersje
  • Cisco Ucs C24 M3

    HW
    Cisco
    wszystkie wersje
  • Cisco Ucs C420 M3

    HW
    Cisco
    wszystkie wersje
  • Cisco Ucs C460 M4

    HW
    Cisco
    wszystkie wersje
  • Cisco Ucs E Series M1

    HW
    Cisco
    wszystkie wersje
  • Cisco Ucs E Series M2

    HW
    Cisco
    wszystkie wersje
  • Cisco Ucs E Series M3

    HW
    Cisco
    wszystkie wersje
  • Cisco Ucs S3160

    HW
    Cisco
    wszystkie wersje
  • Cisco Ucs S3260

    HW
    Cisco
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2025-32433CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)

CVE-2022-20779CRITICAL9.9ten sam produkt

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to es...

CVE-2022-20777CRITICAL9.9ten sam produkt

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to es...

CVE-2022-20780CRITICAL9.9ten sam produkt

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to es...

CVE-2021-34746CRITICAL9.8ten sam produkt

A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise ...