CVE-2020-3242

Name of the Vulnerable Software and Affected Versions Cisco UCS Director (affected versions not specified)

Description The issue is related to a lack of protection for service data in Cisco UCS Director, which could allow a remote attacker to disclose sensitive information by sending a specially crafted request to the API. The vulnerability exists because confidential information is returned as part of an API response. An attacker with administrative privileges could exploit this to obtain the API key of another user, allowing them to impersonate that user's account on the affected device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.