CVE-2020-3470

Name of the Vulnerable Software and Affected Versions Cisco Integrated Management Controller (IMC) (affected versions not specified)

Description The issue is related to multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) that could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. These vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system, potentially leading to an exploitable buffer overflow condition. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.