CVE-2020-3380 — Argument Injection in Cisco Data Center Network Manager

CWE-88 — Argument Injection4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 58.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Data Center Network Manager Cisco Data Center Network Manager

Timeline

PublishedJul 16

Latest updateMay 24

Description

A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by authenticating as the fmserver user and submitting malicious input to a specific command. A successful exploit could allow the attacker …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/data_center_network_manager< 11.4\(1\)

▶CVEListV5cisco/cisco_data_center_network_managern/a

🔴Vulnerability Details

GHSA

GHSA-j7v8-j8px-7phx: A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to elevate privileges to root and↗2022-05-24

▶

CVEList

Cisco Data Center Network Manager Privilege Escalation Vulnerability↗2020-07-16

▶

📋Vendor Advisories

Cisco

Cisco Data Center Network Manager Privilege Escalation Vulnerability↗2020-07-15

▶