CVE-2020-3383
published 2020-07-31


Priority: P265 (high)
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 7.04% (93.4th percentile)
A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to a lack of proper input validation of paths that are embedded within archive files. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to write arbitrary files in the system with the privileges of the logged-in user.

Affected (3 ranges)

Vendor  Product                              Version range  Fixed in
cisco   cisco_data_center_network_manager
cisco   data_center_network_manager          < 11.4(1)      11.4(1)
cisco   data_center_network_manager_path

Detection & IOCs (extracted from sources)

  • Exploit vector is a crafted request containing archive files with embedded path traversal sequences sent to a Cisco DCNM endpoint by an authenticated remote attacker
  • The vulnerability resides in the archive utility of Cisco DCNM; monitor for archive file uploads (e.g., ZIP/TAR) containing directory traversal sequences (e.g., '../') in embedded file paths submitted to DCNM
  • Track Cisco internal Bug ID CSCvu28384 for patch and indicator correlation
  • Exploitation requires prior authentication; unauthenticated access alone is insufficient to trigger this vulnerability
  • No workarounds exist; the only remediation is applying Cisco's released software updates
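The second bullet above recommends inspecting uploaded archives for traversal sequences in embedded paths. As an added example (not taken from the original record or from Cisco), the following check flags ZIP or TAR members whose embedded paths would escape a fixed extraction root before anything is written; the root directory and member names are constructed assumptions.

```python
import io
import posixpath
import tarfile
import zipfile

EXTRACT_ROOT = "/srv/extract"  # hypothetical extraction directory (an assumption)

def escapes_root(member_name, root=EXTRACT_ROOT):
    """True if root/member_name normalises to a path outside root. Backslashes count
    as separators (Windows-built ZIPs use them); an absolute name always escapes."""
    name = member_name.replace("\\", "/")
    if posixpath.isabs(name):
        return True
    resolved = posixpath.normpath(posixpath.join(root, name))
    return resolved != root and not resolved.startswith(root.rstrip("/") + "/")

def unsafe_members(data):
    """Member paths in a ZIP or TAR blob that escape EXTRACT_ROOT. For TAR, a symlink
    whose target leaves the root is reported too: later members written through it
    would land outside the root as well."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if escapes_root(n)]
    bad = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for m in tf.getmembers():
            target = posixpath.join(posixpath.dirname(m.name), m.linkname)
            if escapes_root(m.name) or (m.issym() and escapes_root(target)):
                bad.append(m.name)
    return bad

def build_sample_zip():
    """Constructed ZIP: one benign member, one '../' and one '..\\' traversal."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("report/summary.txt", "../../outside.txt", "..\\..\\outside.txt"):
            zf.writestr(name, "constructed sample content")
    return buf.getvalue()

def build_sample_tar():
    """Constructed TAR: a benign entry, a deep '../' path and an escaping symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in ("report/summary.txt", "report/../../../tmp/x"):
            tf.addfile(tarfile.TarInfo(name))  # zero-length regular files
        link = tarfile.TarInfo("report/link")
        link.type, link.linkname = tarfile.SYMTYPE, "../../outside"
        tf.addfile(link)
    return buf.getvalue()
```

An upload whose archive yields a non-empty list from unsafe_members should be rejected before extraction and logged, which also gives a concrete detection signal for the behaviour described above.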

CVSS provenance

nvd v3.1: 8.8 HIGH  CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd v2.0: 9.0 CRITICAL  AV:N/AC:L/Au:S/C:C/I:C/A:C
vendor_cisco: 8.8 HIGH