ID

VAR-202007-1046


CVE

CVE-2020-3380


TITLE

Cisco Data Center Network Manager Insertion or modification vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-008348

DESCRIPTION

A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by authenticating as the fmserver user and submitting malicious input to a specific command. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. Cisco Data Center Network Manager (DCNM) is vulnerable to insertion or modification. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions.

Trust: 1.71

sources: NVD: CVE-2020-3380 // JVNDB: JVNDB-2020-008348 // VULHUB: VHN-181505

AFFECTED PRODUCTS

vendor: cisco, model: data center network manager, scope: lt, version: 11.4(1)

Trust: 1.0

vendor: cisco, model: data center network manager, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008348 // NVD: CVE-2020-3380

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3380
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3380
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008348
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202007-1046
value: HIGH

Trust: 0.6

VULHUB: VHN-181505
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3380
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008348
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181505
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3380
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3380
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-008348
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181505 // JVNDB: JVNDB-2020-008348 // CNNVD: CNNVD-202007-1046 // NVD: CVE-2020-3380 // NVD: CVE-2020-3380

PROBLEMTYPE DATA

problemtype:CWE-88

Trust: 1.9

sources: VULHUB: VHN-181505 // JVNDB: JVNDB-2020-008348 // NVD: CVE-2020-3380

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202007-1046

TYPE

parameter injection

Trust: 0.6

sources: CNNVD: CNNVD-202007-1046

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008348

PATCH

title: cisco-sa-dcnm-privescal-zxfCH7Dg, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-privescal-zxfCH7Dg

Trust: 0.8

sources: JVNDB: JVNDB-2020-008348

EXTERNAL IDS

db: NVD, id: CVE-2020-3380

Trust: 2.5

db: JVNDB, id: JVNDB-2020-008348

Trust: 0.8

db: CNNVD, id: CNNVD-202007-1046

Trust: 0.7

db: NSFOCUS, id: 47415

Trust: 0.6

db: AUSCERT, id: ESB-2020.2426

Trust: 0.6

db: VULHUB, id: VHN-181505

Trust: 0.1

sources: VULHUB: VHN-181505 // JVNDB: JVNDB-2020-008348 // CNNVD: CNNVD-202007-1046 // NVD: CVE-2020-3380

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-privescal-zxfch7dg

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-3380

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3380

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.2426/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/47415

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-privilege-escalation-via-cli-32852

Trust: 0.6

sources: VULHUB: VHN-181505 // JVNDB: JVNDB-2020-008348 // CNNVD: CNNVD-202007-1046 // NVD: CVE-2020-3380

SOURCES

db: VULHUB, id: VHN-181505
db: JVNDB, id: JVNDB-2020-008348
db: CNNVD, id: CNNVD-202007-1046
db: NVD, id: CVE-2020-3380

LAST UPDATE DATE

2024-08-14T14:03:38.377000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181505, date: 2020-07-22T00:00:00
db: JVNDB, id: JVNDB-2020-008348, date: 2020-09-08T00:00:00
db: CNNVD, id: CNNVD-202007-1046, date: 2020-08-05T00:00:00
db: NVD, id: CVE-2020-3380, date: 2020-07-22T18:43:50.483

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181505, date: 2020-07-16T00:00:00
db: JVNDB, id: JVNDB-2020-008348, date: 2020-09-08T00:00:00
db: CNNVD, id: CNNVD-202007-1046, date: 2020-07-15T00:00:00
db: NVD, id: CVE-2020-3380, date: 2020-07-16T18:15:18.800