Vulnerabilities > CVE-2020-3384 - Unspecified vulnerability in Cisco Data Center Network Manager

CVSS 8.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

LOW

Availability impact

LOW

network

low complexity

cisco

NVD

Published: 2020-07-31

Updated: 2023-11-07

Summary

A vulnerability in specific REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system with the privileges of the logged-in user. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to inject arbitrary commands on the underlying operating system.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Data Center Network Manager 4.0 Cisco Data Center Network Manager 4.1 Cisco Data Center Network Manager 4.2 Cisco Data Center Network Manager 5.0 Cisco Data Center Network Manager 5.2\(1\) Cisco Data Center Network Manager 10.0 Cisco Data Center Network Manager 10.1 Cisco Data Center Network Manager 10.2\(1\) Cisco Data Center Network Manager 10.3\(1\) Cisco Data Center Network Manager 10.3\(1\)S3 Cisco Data Center Network Manager 10.4\(1\) Cisco Data Center Network Manager 10.4\(1.128\) Cisco Data Center Network Manager 10.4\(2\) Cisco Data Center Network Manager 11.0\(1\) Cisco Data Center Network Manager 11.1\(1\) Cisco Data Center Network Manager 11.2\(1\) Cisco Data Center Network Manager 11.3\(1\)	17

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-rest-inj-BCt8pwAJ