10
CVSSv2

CVE-2020-3470

Published: 18/11/2020 Updated: 02/12/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote malicious user to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the malicious user to execute arbitrary code with root privileges on the underlying operating system (OS).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco enterprise_nfv_infrastructure_software

cisco integrated_management_controller

Vendor Advisories

Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges The vulnerabilities are due to improper boundary checks for certain user-supplied input An attacker could exploit these vulnerabilities by sending a crafted H ...