ID

VAR-202007-1060


CVE

CVE-2020-3462


TITLE

SQL Injection Vulnerability in Cisco Data Center Network Manager

Trust: 0.8

sources: JVNDB: JVNDB-2020-008959

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database. The system may also be put into a denial-of-service (DoS) state. DCNM is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions. The vulnerability is caused by the program not correctly verifying the parameters submitted by the user.

Trust: 1.71

sources: NVD: CVE-2020-3462 // JVNDB: JVNDB-2020-008959 // VULHUB: VHN-181587

AFFECTED PRODUCTS

vendor: cisco // model: data center network manager // scope: lt // version: 11.4(1)

Trust: 1.0

vendor: cisco // model: data center network manager // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008959 // NVD: CVE-2020-3462

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3462
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3462
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-008959
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202007-1692
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181587
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3462
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008959
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181587
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3462
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-008959
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181587 // JVNDB: JVNDB-2020-008959 // CNNVD: CNNVD-202007-1692 // NVD: CVE-2020-3462 // NVD: CVE-2020-3462

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.9

sources: VULHUB: VHN-181587 // JVNDB: JVNDB-2020-008959 // NVD: CVE-2020-3462

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1692

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202007-1692

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008959

PATCH

title: cisco-sa-dcnm-sql-inject-8hk6PwmF // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-sql-inject-8hk6PwmF

Trust: 0.8

title: Repair measures for the Cisco Data Center Network Manager SQL injection vulnerability // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125202

Trust: 0.6

sources: JVNDB: JVNDB-2020-008959 // CNNVD: CNNVD-202007-1692

EXTERNAL IDS

db: NVD // id: CVE-2020-3462

Trust: 2.5

db: JVNDB // id: JVNDB-2020-008959

Trust: 0.8

db: CNNVD // id: CNNVD-202007-1692

Trust: 0.7

db: NSFOCUS // id: 47808

Trust: 0.6

db: AUSCERT // id: ESB-2020.2600

Trust: 0.6

db: CNVD // id: CNVD-2020-44069

Trust: 0.1

db: VULHUB // id: VHN-181587

Trust: 0.1

sources: VULHUB: VHN-181587 // JVNDB: JVNDB-2020-008959 // CNNVD: CNNVD-202007-1692 // NVD: CVE-2020-3462

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-sql-inject-8hk6pwmf

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2020-3462

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3462

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2020.2600/

Trust: 0.6

url: http://www.nsfocus.net/vulndb/47808

Trust: 0.6

url: https://vigilance.fr/vulnerability/cisco-data-center-network-manager-sql-injection-via-web-based-management-interface-32969

Trust: 0.6

url: https://media.cert.europa.eu/static/securityadvisories/2020/cert-eu-sa2020-039.pdf

Trust: 0.6

sources: VULHUB: VHN-181587 // JVNDB: JVNDB-2020-008959 // CNNVD: CNNVD-202007-1692 // NVD: CVE-2020-3462

SOURCES

db: VULHUB // id: VHN-181587
db: JVNDB // id: JVNDB-2020-008959
db: CNNVD // id: CNNVD-202007-1692
db: NVD // id: CVE-2020-3462

LAST UPDATE DATE

2024-08-14T14:03:38.240000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-181587 // date: 2020-08-05T00:00:00
db: JVNDB // id: JVNDB-2020-008959 // date: 2020-10-08T00:00:00
db: CNNVD // id: CNNVD-202007-1692 // date: 2020-08-17T00:00:00
db: NVD // id: CVE-2020-3462 // date: 2023-11-07T03:22:45.093

SOURCES RELEASE DATE

db: VULHUB // id: VHN-181587 // date: 2020-07-31T00:00:00
db: JVNDB // id: JVNDB-2020-008959 // date: 2020-10-08T00:00:00
db: CNNVD // id: CNNVD-202007-1692 // date: 2020-07-29T00:00:00
db: NVD // id: CVE-2020-3462 // date: 2020-07-31T00:15:13.587