Sign-up

ID

VAR-202008-0829


CVE

CVE-2020-3521


TITLE

Cisco Data Center Network Manager Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-010214

DESCRIPTION

A vulnerability in a specific REST API of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker with a low-privileged account could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to read arbitrary files on the affected system. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Trust: 1.71

sources: NVD: CVE-2020-3521 // JVNDB: JVNDB-2020-010214 // VULHUB: VHN-181646

AFFECTED PRODUCTS

vendor:ciscomodel:data center network managerscope:ltversion:11.4\(1\)

Trust: 1.0

vendor:ciscomodel:data center network managerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-010214 // NVD: CVE-2020-3521

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3521
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3521
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-010214
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202008-955
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181646
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3521
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-010214
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181646
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3521
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3521
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-010214
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181646 // JVNDB: JVNDB-2020-010214 // CNNVD: CNNVD-202008-955 // NVD: CVE-2020-3521 // NVD: CVE-2020-3521

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-181646 // JVNDB: JVNDB-2020-010214 // NVD: CVE-2020-3521

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-955

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202008-955

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-010214

PATCH
title:cisco-sa-dcnm-file-path-6PKONjHeurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-file-path-6PKONjHe
Trust: 0.8
title:Cisco Data Center Network Manager Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126751
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-010214 // 
            
            
            
            CNNVD: CNNVD-202008-955

EXTERNAL IDS
db:NVDid:CVE-2020-3521
Trust: 2.5
db:JVNDBid:JVNDB-2020-010214
Trust: 0.8
db:CNNVDid:CNNVD-202008-955
Trust: 0.7
db:NSFOCUSid:48725
Trust: 0.6
db:AUSCERTid:ESB-2020.2855
Trust: 0.6
db:CNVDid:CNVD-2020-48218
Trust: 0.1
db:VULHUBid:VHN-181646
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181646 // 
            
            
            
            JVNDB: JVNDB-2020-010214 // 
            
            
            
            CNNVD: CNNVD-202008-955 // 
            
            
            
            NVD: CVE-2020-3521

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-file-path-6pkonjhe
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2020-3521
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3521
Trust: 0.8
url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-directory-traversal-via-rest-api-33112
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2855/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/48725
Trust: 0.6
sources:
            
            
            VULHUB: VHN-181646 // 
            
            
            
            JVNDB: JVNDB-2020-010214 // 
            
            
            
            CNNVD: CNNVD-202008-955 // 
            
            
            
            NVD: CVE-2020-3521

SOURCES
db:VULHUBid:VHN-181646
db:JVNDBid:JVNDB-2020-010214
db:CNNVDid:CNNVD-202008-955
db:NVDid:CVE-2020-3521

LAST UPDATE DATE
2024-08-14T13:24:15.063000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181646date:2021-10-19T00:00:00
db:JVNDBid:JVNDB-2020-010214date:2020-12-28T06:45:38
db:CNNVDid:CNNVD-202008-955date:2020-09-14T00:00:00
db:NVDid:CVE-2020-3521date:2023-11-07T03:22:51.130

SOURCES RELEASE DATE
db:VULHUBid:VHN-181646date:2020-08-26T00:00:00
db:JVNDBid:JVNDB-2020-010214date:2020-12-28T06:45:38
db:CNNVDid:CNNVD-202008-955date:2020-08-19T00:00:00
db:NVDid:CVE-2020-3521date:2020-08-26T17:15:14.833