What is CVE-2020-3470?

CVE-2020-3470 is a critical-severity vulnerability in Cisco Unified Computing System (Standalone), classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 9.8/10. Published 2020-11-18.

How severe is CVE-2020-3470?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2020-3470 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Cisco Unified Computing System (Standalone)

CVE-2020-3470

Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary…

Vulnerability class: Buffer Overflow

EPSS: 0.032 (87.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Unified Computing System (Standalone) — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

n0-traces/cve_

References

20201118 Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2020-3470?: CVE-2020-3470 is a critical-severity vulnerability in Cisco Unified Computing System (Standalone), classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 9.8/10. Published 2020-11-18.
How severe is CVE-2020-3470?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2020-3470 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.