[SB 20.12] Cisco: RCE in UCS Director (CVE-2020-3240) and <br>IP-Phones (CVE-2016-1421)

RCE in UCS-Director (CVE-2020-3240)

Multiple Vulnerabilities has been found in Cisco UCS Director and Cisco UCS Director Express for Big Data leading to RCE and Authentication Bypass.

CVSS: 9.8
Advisory: Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data

A POC/Exploit-Code had released at the same time as the Advisory by MR_ME

Link to Analysis
Link to POC

777 Cisco UCS-Installations can be found online, but cannot attributed 100% for sure to that special application (UCS-Productname is used for KVM/KVM-Management as well, but you wouldnt want this to be externally accessible anyway)

ucs

RCE in Cisco IP-Phones, dating back to 2016 (CVE-2016-1421)

A critical bug in the webapplication of Cisco IP-Phones, discovered around 2016, has been fixed in 2020-04. The vuln leads to an easily exploitable RCE.

CVSS: 9.8
Advisory: Cisco IP Phones Web Application Buffer Overflow Vulnerability

Over

ucs

Fragen? Kontakt: info@zero.bs

Filed: Sat 18 April 2020 | Security Bulletin | Tags: sb cisco rce 0day

[SB 20.12] Cisco: RCE in UCS Director (CVE-2020-3240) and
IP-Phones (CVE-2016-1421)

RCE in UCS-Director (CVE-2020-3240)

RCE in Cisco IP-Phones, dating back to 2016 (CVE-2016-1421)

Main-Links

Blog

OSS & Projects