CVE-2020-3377

A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted arguments to a specific field within the application. A successful exploit could allow the attacker to run commands as the administrator on the DCNM.

Published: Jul 31, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-3377
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
cisco / data_center_network_manager	11.0(1)	11.0(1).x
cisco / data_center_network_manager	11.1(1)	11.1(1).x
cisco / data_center_network_manager	11.2(1)	11.2(1).x
cisco / data_center_network_manager	11.3(1)	11.3(1).x

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-devmgr-cmd-inj-Umc8RHNh

Vulnerability Database

289,599

CVE-2020-3377