CVE-2020-3377: OS Command Injection in Cisco Data Center Network Manager

CWE-78: OS Command Injection | 35 documents | 5 sources
Severity
NVD: 8.8 HIGH
CNA: 6.3
EPSS
0.7%
top 28.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 31
Latest update: May 24

Description

A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted arguments to a specific field within the application. A successful exploit could allow the attacker to run commands as the administrator on the DCNM.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 2 packages

🔴 Vulnerability Details

2
GHSA
GHSA-cvp7-c3qw-m5fw: A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject (2022-05-24)
CVEList
Cisco Data Center Network Manager Command Injection Vulnerability (2020-07-31)

📋 Vendor Advisories

1
Cisco
Cisco Data Center Network Manager Command Injection Vulnerability (2020-07-29)

💬 Community

31
Bugzilla
CVE-2020-6540 chromium-browser: Heap buffer overflow in Skia (2020-07-28)
Bugzilla
CVE-2020-6541 chromium-browser: Use after free in WebUSB (2020-07-28)
Bugzilla
CVE-2020-6538 chromium-browser: Inappropriate implementation in WebView (2020-07-28)
Bugzilla
CVE-2020-6537 chromium-browser: Type Confusion in V8 (2020-07-28)
Bugzilla
CVE-2020-6539 chromium-browser: Use after free in CSS (2020-07-28)