ID

VAR-202008-0827


CVE

CVE-2020-3519


TITLE

Cisco Data Center Network Manager Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-010212

DESCRIPTION

A vulnerability in a specific REST API method of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions.

Trust: 1.71

sources: NVD: CVE-2020-3519 // JVNDB: JVNDB-2020-010212 // VULHUB: VHN-181644

AFFECTED PRODUCTS

vendor: cisco, model: data center network manager, scope: lt, version: 11.4(1)

Trust: 1.0

vendor: cisco, model: data center network manager, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-010212 // NVD: CVE-2020-3519

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3519
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3519
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-010212
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202008-957
value: HIGH

Trust: 0.6

VULHUB: VHN-181644
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3519
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-010212
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181644
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3519
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3519
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-010212
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181644 // JVNDB: JVNDB-2020-010212 // CNNVD: CNNVD-202008-957 // NVD: CVE-2020-3519 // NVD: CVE-2020-3519

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-181644 // JVNDB: JVNDB-2020-010212 // NVD: CVE-2020-3519

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-957

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202008-957

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-010212

PATCH

title: cisco-sa-dcnm-patrav-pW9RkhyW
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-patrav-pW9RkhyW

Trust: 0.8

title: Cisco Data Center Network Manager Enter the fix for the verification error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126753

Trust: 0.6

sources: JVNDB: JVNDB-2020-010212 // CNNVD: CNNVD-202008-957

EXTERNAL IDS

db: NVD, id: CVE-2020-3519

Trust: 2.5

db: JVNDB, id: JVNDB-2020-010212

Trust: 0.8

db: CNNVD, id: CNNVD-202008-957

Trust: 0.7

db: NSFOCUS, id: 48722

Trust: 0.6

db: AUSCERT, id: ESB-2020.2855

Trust: 0.6

db: CNVD, id: CNVD-2020-48589

Trust: 0.1

db: VULHUB, id: VHN-181644

Trust: 0.1

sources: VULHUB: VHN-181644 // JVNDB: JVNDB-2020-010212 // CNNVD: CNNVD-202008-957 // NVD: CVE-2020-3519

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-patrav-pw9rkhyw

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-3519

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3519

Trust: 0.8

url:http://www.nsfocus.net/vulndb/48722

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2855/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-directory-traversal-via-rest-api-method-33115

Trust: 0.6

sources: VULHUB: VHN-181644 // JVNDB: JVNDB-2020-010212 // CNNVD: CNNVD-202008-957 // NVD: CVE-2020-3519

SOURCES

db: VULHUB, id: VHN-181644
db: JVNDB, id: JVNDB-2020-010212
db: CNNVD, id: CNNVD-202008-957
db: NVD, id: CVE-2020-3519

LAST UPDATE DATE

2024-08-14T13:24:15.091000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181644, date: 2020-08-28T00:00:00
db: JVNDB, id: JVNDB-2020-010212, date: 2020-12-28T06:45:35
db: CNNVD, id: CNNVD-202008-957, date: 2020-09-14T00:00:00
db: NVD, id: CVE-2020-3519, date: 2020-08-28T16:55:29.187

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181644, date: 2020-08-26T00:00:00
db: JVNDB, id: JVNDB-2020-010212, date: 2020-12-28T06:45:35
db: CNNVD, id: CNNVD-202008-957, date: 2020-08-19T00:00:00
db: NVD, id: CVE-2020-3519, date: 2020-08-26T17:15:14.647