CVE-2020-3383 — Improper Input Validation in Cisco Data Center Network Manager

CWE-20 — Improper Input Validation CWE-22 — Path Traversal4 documents4 sources

Severity

8.8HIGHNVD

EPSS

1.5%

top 18.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Data Center Network Manager Cisco Data Center Network Manager

Timeline

PublishedJul 31

Latest updateMay 24

Description

A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to a lack of proper input validation of paths that are embedded within archive files. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to write arbitrary files in the system with the privile…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/data_center_network_manager< 11.4\(1\)

▶CVEListV5cisco/cisco_data_center_network_managern/a

🔴Vulnerability Details

GHSA

GHSA-65m5-fvm9-qxv6: A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory↗2022-05-24

▶

CVEList

Cisco Data Center Network Manager Path Traversal Vulnerability↗2020-07-31

▶

📋Vendor Advisories

Cisco

Cisco Data Center Network Manager Path Traversal Vulnerability↗2020-07-29

▶