Sign-up

ID

VAR-202007-1046


CVE

CVE-2020-3380


TITLE

Cisco Data Center Network Manager Insertion or modification vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-008348

DESCRIPTION

A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by authenticating as the fmserver user and submitting malicious input to a specific command. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. Cisco Data Center Network Manager (DCNM) Is vulnerable to insertion or modification.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Trust: 1.71

sources: NVD: CVE-2020-3380 // JVNDB: JVNDB-2020-008348 // VULHUB: VHN-181505

AFFECTED PRODUCTS

vendor:ciscomodel:data center network managerscope:ltversion:11.4\(1\)

Trust: 1.0

vendor:ciscomodel:data center network managerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008348 // NVD: CVE-2020-3380

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3380
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3380
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008348
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202007-1046
value: HIGH

Trust: 0.6

VULHUB: VHN-181505
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3380
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008348
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181505
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3380
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3380
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-008348
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181505 // JVNDB: JVNDB-2020-008348 // CNNVD: CNNVD-202007-1046 // NVD: CVE-2020-3380 // NVD: CVE-2020-3380

PROBLEMTYPE DATA

problemtype:CWE-88

Trust: 1.9

sources: VULHUB: VHN-181505 // JVNDB: JVNDB-2020-008348 // NVD: CVE-2020-3380

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202007-1046

TYPE

parameter injection

Trust: 0.6

sources: CNNVD: CNNVD-202007-1046

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-008348

PATCH
title:cisco-sa-dcnm-privescal-zxfCH7Dgurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-privescal-zxfCH7Dg
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-008348

EXTERNAL IDS
db:NVDid:CVE-2020-3380
Trust: 2.5
db:JVNDBid:JVNDB-2020-008348
Trust: 0.8
db:CNNVDid:CNNVD-202007-1046
Trust: 0.7
db:NSFOCUSid:47415
Trust: 0.6
db:AUSCERTid:ESB-2020.2426
Trust: 0.6
db:VULHUBid:VHN-181505
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181505 // 
            
            
            
            JVNDB: JVNDB-2020-008348 // 
            
            
            
            CNNVD: CNNVD-202007-1046 // 
            
            
            
            NVD: CVE-2020-3380

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-privescal-zxfch7dg
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2020-3380
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3380
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2426/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/47415
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-privilege-escalation-via-cli-32852
Trust: 0.6
sources:
            
            
            VULHUB: VHN-181505 // 
            
            
            
            JVNDB: JVNDB-2020-008348 // 
            
            
            
            CNNVD: CNNVD-202007-1046 // 
            
            
            
            NVD: CVE-2020-3380

SOURCES
db:VULHUBid:VHN-181505
db:JVNDBid:JVNDB-2020-008348
db:CNNVDid:CNNVD-202007-1046
db:NVDid:CVE-2020-3380

LAST UPDATE DATE
2024-08-14T14:03:38.377000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181505date:2020-07-22T00:00:00
db:JVNDBid:JVNDB-2020-008348date:2020-09-08T00:00:00
db:CNNVDid:CNNVD-202007-1046date:2020-08-05T00:00:00
db:NVDid:CVE-2020-3380date:2020-07-22T18:43:50.483

SOURCES RELEASE DATE
db:VULHUBid:VHN-181505date:2020-07-16T00:00:00
db:JVNDBid:JVNDB-2020-008348date:2020-09-08T00:00:00
db:CNNVDid:CNNVD-202007-1046date:2020-07-15T00:00:00
db:NVDid:CVE-2020-3380date:2020-07-16T18:15:18.800