ID

VAR-202006-1145


CVE

CVE-2020-3354


TITLE

Cisco Data Center Network Manager Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006927

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need administrative credentials on the affected device. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions.

Trust: 1.71

sources: NVD: CVE-2020-3354 // JVNDB: JVNDB-2020-006927 // VULHUB: VHN-181479

AFFECTED PRODUCTS

vendor: cisco, model: data center network manager, scope: lte, version: 11.3(1)

Trust: 1.0

vendor: cisco, model: data center network manager, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006927 // NVD: CVE-2020-3354

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3354
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3354
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006927
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-1137
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181479
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-3354
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006927
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181479
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3354
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3354
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-006927
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181479 // JVNDB: JVNDB-2020-006927 // CNNVD: CNNVD-202006-1137 // NVD: CVE-2020-3354 // NVD: CVE-2020-3354

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-181479 // JVNDB: JVNDB-2020-006927 // NVD: CVE-2020-3354

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1137

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202006-1137

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006927

PATCH

title: cisco-sa-dcnm-stored-xss-VyE4bNAh, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-stored-xss-VyE4bNAh

Trust: 0.8

title: Cisco Data Center Network Manager Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121830

Trust: 0.6

sources: JVNDB: JVNDB-2020-006927 // CNNVD: CNNVD-202006-1137

EXTERNAL IDS

db: NVD, id: CVE-2020-3354

Trust: 2.5

db: JVNDB, id: JVNDB-2020-006927

Trust: 0.8

db: CNNVD, id: CNNVD-202006-1137

Trust: 0.7

db: AUSCERT, id: ESB-2020.2115

Trust: 0.6

db: CNVD, id: CNVD-2020-34292

Trust: 0.1

db: VULHUB, id: VHN-181479

Trust: 0.1

sources: VULHUB: VHN-181479 // JVNDB: JVNDB-2020-006927 // CNNVD: CNNVD-202006-1137 // NVD: CVE-2020-3354

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-stored-xss-vye4bnah

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2020-3354

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3354

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2020.2115/

Trust: 0.6

url: https://vigilance.fr/vulnerability/cisco-data-center-network-manager-cross-site-scripting-32553

Trust: 0.6

sources: VULHUB: VHN-181479 // JVNDB: JVNDB-2020-006927 // CNNVD: CNNVD-202006-1137 // NVD: CVE-2020-3354

SOURCES

db: VULHUB, id: VHN-181479
db: JVNDB, id: JVNDB-2020-006927
db: CNNVD, id: CNNVD-202006-1137
db: NVD, id: CVE-2020-3354

LAST UPDATE DATE

2024-08-14T14:56:19.097000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181479, date: 2020-06-24T00:00:00
db: JVNDB, id: JVNDB-2020-006927, date: 2020-07-22T00:00:00
db: CNNVD, id: CNNVD-202006-1137, date: 2020-06-30T00:00:00
db: NVD, id: CVE-2020-3354, date: 2020-06-24T17:16:18.213

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181479, date: 2020-06-18T00:00:00
db: JVNDB, id: JVNDB-2020-006927, date: 2020-07-22T00:00:00
db: CNNVD, id: CNNVD-202006-1137, date: 2020-06-17T00:00:00
db: NVD, id: CVE-2020-3354, date: 2020-06-18T03:15:14.120