Sign-up

ID

VAR-202007-1049


CVE

CVE-2020-3383


TITLE

Cisco Data Center Network Manager Path traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-008963

DESCRIPTION

A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to a lack of proper input validation of paths that are embedded within archive files. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to write arbitrary files in the system with the privileges of the logged-in user. (DoS) It may be put into a state. Cisco Data Center Network Manager (DCNM) is a data center management system of Cisco (Cisco). The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Trust: 1.8

sources: NVD: CVE-2020-3383 // JVNDB: JVNDB-2020-008963 // VULHUB: VHN-181508 // VULMON: CVE-2020-3383

AFFECTED PRODUCTS

vendor:ciscomodel:data center network managerscope:ltversion:11.4\(1\)

Trust: 1.0

vendor:ciscomodel:data center network managerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008963 // NVD: CVE-2020-3383

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3383
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3383
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008963
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202007-1696
value: HIGH

Trust: 0.6

VULHUB: VHN-181508
value: HIGH

Trust: 0.1

VULMON: CVE-2020-3383
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3383
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-008963
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181508
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3383
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-008963
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181508 // VULMON: CVE-2020-3383 // JVNDB: JVNDB-2020-008963 // CNNVD: CNNVD-202007-1696 // NVD: CVE-2020-3383 // NVD: CVE-2020-3383

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

problemtype:CWE-20

Trust: 1.1

sources: VULHUB: VHN-181508 // JVNDB: JVNDB-2020-008963 // NVD: CVE-2020-3383

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1696

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1696

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-008963

PATCH
title:cisco-sa-dcnm-path-trav-2xZOnJdRurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-path-trav-2xZOnJdR
Trust: 0.8
title:Cisco Data Center Network Manager Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125206
Trust: 0.6
title:Cisco: Cisco Data Center Network Manager Path Traversal Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dcnm-path-trav-2xZOnJdR
Trust: 0.1
title:CVE-2020-3383url:https://github.com/AlAIAL90/CVE-2020-3383 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-3383 // 
            
            
            
            JVNDB: JVNDB-2020-008963 // 
            
            
            
            CNNVD: CNNVD-202007-1696

EXTERNAL IDS
db:NVDid:CVE-2020-3383
Trust: 2.6
db:JVNDBid:JVNDB-2020-008963
Trust: 0.8
db:CNNVDid:CNNVD-202007-1696
Trust: 0.7
db:NSFOCUSid:47806
Trust: 0.6
db:AUSCERTid:ESB-2020.2600
Trust: 0.6
db:CNVDid:CNVD-2020-44065
Trust: 0.1
db:VULHUBid:VHN-181508
Trust: 0.1
db:VULMONid:CVE-2020-3383
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181508 // 
            
            
            
            VULMON: CVE-2020-3383 // 
            
            
            
            JVNDB: JVNDB-2020-008963 // 
            
            
            
            CNNVD: CNNVD-202007-1696 // 
            
            
            
            NVD: CVE-2020-3383

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-path-trav-2xzonjdr
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2020-3383
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3383
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2600/
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-directory-traversal-via-archive-utility-32967
Trust: 0.6
url:http://www.nsfocus.net/vulndb/47806
Trust: 0.6
url:https://media.cert.europa.eu/static/securityadvisories/2020/cert-eu-sa2020-039.pdf
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/22.html
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://github.com/alaial90/cve-2020-3383
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181508 // 
            
            
            
            VULMON: CVE-2020-3383 // 
            
            
            
            JVNDB: JVNDB-2020-008963 // 
            
            
            
            CNNVD: CNNVD-202007-1696 // 
            
            
            
            NVD: CVE-2020-3383

SOURCES
db:VULHUBid:VHN-181508
db:VULMONid:CVE-2020-3383
db:JVNDBid:JVNDB-2020-008963
db:CNNVDid:CNNVD-202007-1696
db:NVDid:CVE-2020-3383

LAST UPDATE DATE
2024-08-14T14:03:38.132000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181508date:2021-08-06T00:00:00
db:VULMONid:CVE-2020-3383date:2021-08-06T00:00:00
db:JVNDBid:JVNDB-2020-008963date:2020-10-08T00:00:00
db:CNNVDid:CNNVD-202007-1696date:2020-08-17T00:00:00
db:NVDid:CVE-2020-3383date:2023-11-07T03:22:39.430

SOURCES RELEASE DATE
db:VULHUBid:VHN-181508date:2020-07-31T00:00:00
db:VULMONid:CVE-2020-3383date:2020-07-31T00:00:00
db:JVNDBid:JVNDB-2020-008963date:2020-10-08T00:00:00
db:CNNVDid:CNNVD-202007-1696date:2020-07-29T00:00:00
db:NVDid:CVE-2020-3383date:2020-07-31T00:15:13.227