ID

VAR-202006-1146


CVE

CVE-2020-3355


TITLE

Cisco Data Center Network Manager Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006928

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need administrative credentials on the affected device. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions.

Trust: 1.71

sources: NVD: CVE-2020-3355 // JVNDB: JVNDB-2020-006928 // VULHUB: VHN-181480

AFFECTED PRODUCTS

vendor: cisco, model: data center network manager, scope: lte, version: 11.3(1)

Trust: 1.0

vendor: cisco, model: data center network manager, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006928 // NVD: CVE-2020-3355

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3355
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3355
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006928
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-1138
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181480
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-3355
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006928
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181480
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3355
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3355
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-006928
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181480 // JVNDB: JVNDB-2020-006928 // CNNVD: CNNVD-202006-1138 // NVD: CVE-2020-3355 // NVD: CVE-2020-3355

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-181480 // JVNDB: JVNDB-2020-006928 // NVD: CVE-2020-3355

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1138

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202006-1138

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006928

PATCH

title: cisco-sa-dcnm-stored-xss-yJyqBJGU, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-stored-xss-yJyqBJGU

Trust: 0.8

title: Cisco Data Center Network Manager Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121831

Trust: 0.6

sources: JVNDB: JVNDB-2020-006928 // CNNVD: CNNVD-202006-1138

EXTERNAL IDS

db: NVD, id: CVE-2020-3355

Trust: 2.5

db: JVNDB, id: JVNDB-2020-006928

Trust: 0.8

db: CNNVD, id: CNNVD-202006-1138

Trust: 0.7

db: AUSCERT, id: ESB-2020.2115

Trust: 0.6

db: CNVD, id: CNVD-2020-34293

Trust: 0.1

db: VULHUB, id: VHN-181480

Trust: 0.1

sources: VULHUB: VHN-181480 // JVNDB: JVNDB-2020-006928 // CNNVD: CNNVD-202006-1138 // NVD: CVE-2020-3355

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-stored-xss-yjyqbjgu

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3355

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3355

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.2115/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-cross-site-scripting-32555

Trust: 0.6

sources: VULHUB: VHN-181480 // JVNDB: JVNDB-2020-006928 // CNNVD: CNNVD-202006-1138 // NVD: CVE-2020-3355

SOURCES

db: VULHUB, id: VHN-181480
db: JVNDB, id: JVNDB-2020-006928
db: CNNVD, id: CNNVD-202006-1138
db: NVD, id: CVE-2020-3355

LAST UPDATE DATE

2024-08-14T14:56:19.122000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181480, date: 2020-06-24T00:00:00
db: JVNDB, id: JVNDB-2020-006928, date: 2020-07-22T00:00:00
db: CNNVD, id: CNNVD-202006-1138, date: 2020-06-30T00:00:00
db: NVD, id: CVE-2020-3355, date: 2020-06-24T17:03:39.687

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181480, date: 2020-06-18T00:00:00
db: JVNDB, id: JVNDB-2020-006928, date: 2020-07-22T00:00:00
db: CNNVD, id: CNNVD-202006-1138, date: 2020-06-17T00:00:00
db: NVD, id: CVE-2020-3355, date: 2020-06-18T03:15:14.213