ID

VAR-202007-1043


CVE

CVE-2020-3377


TITLE

OS Command Injection Vulnerabilities in Cisco Data Center Network Manager

Trust: 0.8

sources: JVNDB: JVNDB-2020-008961

DESCRIPTION

A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted arguments to a specific field within the application. A successful exploit could allow the attacker to run commands as the administrator on the DCNM. The device may also be put into a denial-of-service (DoS) state. DCNM is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions. The following products and versions are affected: Cisco DCNM Release 11.0(1), Release 11.1(1), Release 11.2(1), Release 11.3(1).

Trust: 1.71

sources: NVD: CVE-2020-3377 // JVNDB: JVNDB-2020-008961 // VULHUB: VHN-181502

AFFECTED PRODUCTS

vendor: cisco, model: data center network manager, scope: eq, version: 11.2(1)

Trust: 1.0

vendor: cisco, model: data center network manager, scope: eq, version: 11.0(1)

Trust: 1.0

vendor: cisco, model: data center network manager, scope: eq, version: 11.3(1)

Trust: 1.0

vendor: cisco, model: data center network manager, scope: eq, version: 11.1(1)

Trust: 1.0

vendor: cisco, model: data center network manager, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008961 // NVD: CVE-2020-3377

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3377
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3377
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-008961
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202007-1702
value: HIGH

Trust: 0.6

VULHUB: VHN-181502
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3377
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008961
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181502
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3377
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3377
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-008961
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181502 // JVNDB: JVNDB-2020-008961 // CNNVD: CNNVD-202007-1702 // NVD: CVE-2020-3377 // NVD: CVE-2020-3377

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-181502 // JVNDB: JVNDB-2020-008961 // NVD: CVE-2020-3377

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1702

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202007-1702

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008961

PATCH

title: cisco-sa-devmgr-cmd-inj-Umc8RHNh, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-devmgr-cmd-inj-Umc8RHNh

Trust: 0.8

title: Cisco Data Center Network Manager Fixes for operating system command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125726

Trust: 0.6

sources: JVNDB: JVNDB-2020-008961 // CNNVD: CNNVD-202007-1702

EXTERNAL IDS

db: NVD, id: CVE-2020-3377

Trust: 2.5

db: JVNDB, id: JVNDB-2020-008961

Trust: 0.8

db: CNNVD, id: CNNVD-202007-1702

Trust: 0.7

db: NSFOCUS, id: 47835

Trust: 0.6

db: AUSCERT, id: ESB-2020.2600

Trust: 0.6

db: CNVD, id: CNVD-2020-44063

Trust: 0.1

db: VULHUB, id: VHN-181502

Trust: 0.1

sources: VULHUB: VHN-181502 // JVNDB: JVNDB-2020-008961 // CNNVD: CNNVD-202007-1702 // NVD: CVE-2020-3377

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-devmgr-cmd-inj-umc8rhnh

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3377

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3377

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.2600/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-code-execution-via-device-manager-32971

Trust: 0.6

url:http://www.nsfocus.net/vulndb/47835

Trust: 0.6

url:https://media.cert.europa.eu/static/securityadvisories/2020/cert-eu-sa2020-039.pdf

Trust: 0.6

sources: VULHUB: VHN-181502 // JVNDB: JVNDB-2020-008961 // CNNVD: CNNVD-202007-1702 // NVD: CVE-2020-3377

SOURCES

db: VULHUB, id: VHN-181502
db: JVNDB, id: JVNDB-2020-008961
db: CNNVD, id: CNNVD-202007-1702
db: NVD, id: CVE-2020-3377

LAST UPDATE DATE

2024-08-14T14:03:38.267000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181502, date: 2020-08-05T00:00:00
db: JVNDB, id: JVNDB-2020-008961, date: 2020-10-08T00:00:00
db: CNNVD, id: CNNVD-202007-1702, date: 2020-08-18T00:00:00
db: NVD, id: CVE-2020-3377, date: 2023-11-07T03:22:39.203

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181502, date: 2020-07-31T00:00:00
db: JVNDB, id: JVNDB-2020-008961, date: 2020-10-08T00:00:00
db: CNNVD, id: CNNVD-202007-1702, date: 2020-07-29T00:00:00
db: NVD, id: CVE-2020-3377, date: 2020-07-31T00:15:13.053