Sign-up

ID

VAR-202007-1043


CVE

CVE-2020-3377


TITLE

Cisco Data Center Network Manager In OS Command injection vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-008961

DESCRIPTION

A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted arguments to a specific field within the application. A successful exploit could allow the attacker to run commands as the administrator on the DCNM. (DoS) It may be put into a state. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions. The following products and versions are affected: Cisco DCNM Release 11.0(1), Release 11.1(1), Release 11.2(1), Release 11.3(1)

Trust: 1.71

sources: NVD: CVE-2020-3377 // JVNDB: JVNDB-2020-008961 // VULHUB: VHN-181502

AFFECTED PRODUCTS

vendor:ciscomodel:data center network managerscope:eqversion:11.2\(1\)

Trust: 1.0

vendor:ciscomodel:data center network managerscope:eqversion:11.0\(1\)

Trust: 1.0

vendor:ciscomodel:data center network managerscope:eqversion:11.3\(1\)

Trust: 1.0

vendor:ciscomodel:data center network managerscope:eqversion:11.1\(1\)

Trust: 1.0

vendor:ciscomodel:data center network managerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008961 // NVD: CVE-2020-3377

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3377
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3377
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-008961
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202007-1702
value: HIGH

Trust: 0.6

VULHUB: VHN-181502
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3377
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008961
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181502
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3377
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3377
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-008961
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181502 // JVNDB: JVNDB-2020-008961 // CNNVD: CNNVD-202007-1702 // NVD: CVE-2020-3377 // NVD: CVE-2020-3377

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-181502 // JVNDB: JVNDB-2020-008961 // NVD: CVE-2020-3377

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1702

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202007-1702

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-008961

PATCH
title:cisco-sa-devmgr-cmd-inj-Umc8RHNhurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-devmgr-cmd-inj-Umc8RHNh
Trust: 0.8
title:Cisco Data Center Network Manager Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125726
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-008961 // 
            
            
            
            CNNVD: CNNVD-202007-1702

EXTERNAL IDS
db:NVDid:CVE-2020-3377
Trust: 2.5
db:JVNDBid:JVNDB-2020-008961
Trust: 0.8
db:CNNVDid:CNNVD-202007-1702
Trust: 0.7
db:NSFOCUSid:47835
Trust: 0.6
db:AUSCERTid:ESB-2020.2600
Trust: 0.6
db:CNVDid:CNVD-2020-44063
Trust: 0.1
db:VULHUBid:VHN-181502
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181502 // 
            
            
            
            JVNDB: JVNDB-2020-008961 // 
            
            
            
            CNNVD: CNNVD-202007-1702 // 
            
            
            
            NVD: CVE-2020-3377

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-devmgr-cmd-inj-umc8rhnh
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-3377
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3377
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2600/
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-code-execution-via-device-manager-32971
Trust: 0.6
url:http://www.nsfocus.net/vulndb/47835
Trust: 0.6
url:https://media.cert.europa.eu/static/securityadvisories/2020/cert-eu-sa2020-039.pdf
Trust: 0.6
sources:
            
            
            VULHUB: VHN-181502 // 
            
            
            
            JVNDB: JVNDB-2020-008961 // 
            
            
            
            CNNVD: CNNVD-202007-1702 // 
            
            
            
            NVD: CVE-2020-3377

SOURCES
db:VULHUBid:VHN-181502
db:JVNDBid:JVNDB-2020-008961
db:CNNVDid:CNNVD-202007-1702
db:NVDid:CVE-2020-3377

LAST UPDATE DATE
2024-08-14T14:03:38.267000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181502date:2020-08-05T00:00:00
db:JVNDBid:JVNDB-2020-008961date:2020-10-08T00:00:00
db:CNNVDid:CNNVD-202007-1702date:2020-08-18T00:00:00
db:NVDid:CVE-2020-3377date:2023-11-07T03:22:39.203

SOURCES RELEASE DATE
db:VULHUBid:VHN-181502date:2020-07-31T00:00:00
db:JVNDBid:JVNDB-2020-008961date:2020-10-08T00:00:00
db:CNNVDid:CNNVD-202007-1702date:2020-07-29T00:00:00
db:NVDid:CVE-2020-3377date:2020-07-31T00:15:13.053