RCE in UCS-Director (CVE-2020-3240)
Multiple Vulnerabilities has been found in Cisco UCS Director and Cisco UCS Director Express for Big Data leading to RCE and Authentication Bypass.
- CVSS: 9.8
- Advisory: Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
A POC/Exploit-Code had released at the same time as the Advisory by MR_ME
777 Cisco UCS-Installations can be found online, but cannot attributed 100% for sure to that special application (UCS-Productname is used for KVM/KVM-Management as well, but you wouldnt want this to be externally accessible anyway)
RCE in Cisco IP-Phones, dating back to 2016 (CVE-2016-1421)
A critical bug in the webapplication of Cisco IP-Phones, discovered around 2016, has been fixed in 2020-04. The vuln leads to an easily exploitable RCE.
Fragen? Kontakt: firstname.lastname@example.org