PT-2020-30: Multiple code execution in Cisco Integrated Management Controller (CIMC)

Cisco Integrated Management Controller (CIMC)

Severity:

Severity level: High
Impact: Multiple code execution in Cisco Integrated Management Controller (CIMC)
Access Vector: Remote

CVSS v3.1
Base Score: 9,8
Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X)
CVE-2020-3470

Vulnerability description:

The vulnerabilities are caused by incorrect bounds checking when handling certain user data.

Advisory status:

11.04.2020 - Vendor notification date
18.11.2020 - Security advisory publication date (https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-ucs-api-rce-UXwpeDHd.html)

Credits:

The vulnerability was discovered by Nikita Abramov, Positive Research Center (Positive Technologies Company)