ID

VAR-202007-1049


CVE

CVE-2020-3383


TITLE

Cisco Data Center Network Manager Path traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-008963

DESCRIPTION

A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to a lack of proper input validation of paths that are embedded within archive files. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to write arbitrary files in the system with the privileges of the logged-in user. The device may also be put into a denial-of-service (DoS) state. Cisco Data Center Network Manager (DCNM) is a data center management system from Cisco. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions.

Trust: 1.8

sources: NVD: CVE-2020-3383 // JVNDB: JVNDB-2020-008963 // VULHUB: VHN-181508 // VULMON: CVE-2020-3383

AFFECTED PRODUCTS

vendor: cisco
model: data center network manager
scope: lt
version: 11.4(1)

Trust: 1.0

vendor: cisco
model: data center network manager
scope: -
version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008963 // NVD: CVE-2020-3383

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3383
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3383
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008963
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202007-1696
value: HIGH

Trust: 0.6

VULHUB: VHN-181508
value: HIGH

Trust: 0.1

VULMON: CVE-2020-3383
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3383
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-008963
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181508
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3383
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-008963
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181508 // VULMON: CVE-2020-3383 // JVNDB: JVNDB-2020-008963 // CNNVD: CNNVD-202007-1696 // NVD: CVE-2020-3383 // NVD: CVE-2020-3383

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

problemtype:CWE-20

Trust: 1.1

sources: VULHUB: VHN-181508 // JVNDB: JVNDB-2020-008963 // NVD: CVE-2020-3383

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1696

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1696

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008963

PATCH

title: cisco-sa-dcnm-path-trav-2xZOnJdR
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-path-trav-2xZOnJdR

Trust: 0.8

title: Cisco Data Center Network Manager Enter the fix for the verification error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125206

Trust: 0.6

title: Cisco: Cisco Data Center Network Manager Path Traversal Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dcnm-path-trav-2xZOnJdR

Trust: 0.1

title: CVE-2020-3383
url: https://github.com/AlAIAL90/CVE-2020-3383

Trust: 0.1

sources: VULMON: CVE-2020-3383 // JVNDB: JVNDB-2020-008963 // CNNVD: CNNVD-202007-1696

EXTERNAL IDS

db: NVD, id: CVE-2020-3383

Trust: 2.6

db: JVNDB, id: JVNDB-2020-008963

Trust: 0.8

db: CNNVD, id: CNNVD-202007-1696

Trust: 0.7

db: NSFOCUS, id: 47806

Trust: 0.6

db: AUSCERT, id: ESB-2020.2600

Trust: 0.6

db: CNVD, id: CNVD-2020-44065

Trust: 0.1

db: VULHUB, id: VHN-181508

Trust: 0.1

db: VULMON, id: CVE-2020-3383

Trust: 0.1

sources: VULHUB: VHN-181508 // VULMON: CVE-2020-3383 // JVNDB: JVNDB-2020-008963 // CNNVD: CNNVD-202007-1696 // NVD: CVE-2020-3383

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-path-trav-2xzonjdr

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-3383

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3383

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.2600/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-directory-traversal-via-archive-utility-32967

Trust: 0.6

url:http://www.nsfocus.net/vulndb/47806

Trust: 0.6

url:https://media.cert.europa.eu/static/securityadvisories/2020/cert-eu-sa2020-039.pdf

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://github.com/alaial90/cve-2020-3383

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-181508 // VULMON: CVE-2020-3383 // JVNDB: JVNDB-2020-008963 // CNNVD: CNNVD-202007-1696 // NVD: CVE-2020-3383

SOURCES

db: VULHUB, id: VHN-181508
db: VULMON, id: CVE-2020-3383
db: JVNDB, id: JVNDB-2020-008963
db: CNNVD, id: CNNVD-202007-1696
db: NVD, id: CVE-2020-3383

LAST UPDATE DATE

2024-08-14T14:03:38.132000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181508, date: 2021-08-06T00:00:00
db: VULMON, id: CVE-2020-3383, date: 2021-08-06T00:00:00
db: JVNDB, id: JVNDB-2020-008963, date: 2020-10-08T00:00:00
db: CNNVD, id: CNNVD-202007-1696, date: 2020-08-17T00:00:00
db: NVD, id: CVE-2020-3383, date: 2023-11-07T03:22:39.430

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181508, date: 2020-07-31T00:00:00
db: VULMON, id: CVE-2020-3383, date: 2020-07-31T00:00:00
db: JVNDB, id: JVNDB-2020-008963, date: 2020-10-08T00:00:00
db: CNNVD, id: CNNVD-202007-1696, date: 2020-07-29T00:00:00
db: NVD, id: CVE-2020-3383, date: 2020-07-31T00:15:13.227