What is CVE-2020-3377?

CVE-2020-3377 is a vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) that allows an authenticated, remote attacker to inject arbitrary commands on the affected device.

How severe is CVE-2020-3377?

CVE-2020-3377 has a severity score of 8.8, which is considered high.

Which versions of Cisco Data Center Network Manager are affected by CVE-2020-3377?

CVE-2020-3377 affects Cisco Data Center Network Manager versions 11.0(1), 11.1(1), 11.2(1), and 11.3(1).

How can an attacker exploit CVE-2020-3377?

An attacker can exploit CVE-2020-3377 by using insufficiently validated user-supplied input to inject arbitrary commands on the affected device.

What is the Common Weakness Enumeration (CWE) of CVE-2020-3377?

CVE-2020-3377 is classified under CWE-78, which is Improper Neutralization of Special Elements Used in an OS Command ('OS Command Injection').

Vulnerability/
CVE-2020-3377

high

8.8

CWE

31/7/2020

5/8/2020

CVE-2020-3377: OS Command Injection

First published: Fri Jul 31 2020(Updated: )

A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted arguments to a specific field within the application. A successful exploit could allow the attacker to run commands as the administrator on the DCNM.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Data Center Network Manager	=11.0\(1\)
Cisco Data Center Network Manager	=11.1\(1\)
Cisco Data Center Network Manager	=11.2\(1\)
Cisco Data Center Network Manager	=11.3\(1\)

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-devmgr-cmd-inj-Umc8RHNh

Frequently Asked Questions

What is CVE-2020-3377?
CVE-2020-3377 is a vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) that allows an authenticated, remote attacker to inject arbitrary commands on the affected device.
How severe is CVE-2020-3377?
CVE-2020-3377 has a severity score of 8.8, which is considered high.
Which versions of Cisco Data Center Network Manager are affected by CVE-2020-3377?
CVE-2020-3377 affects Cisco Data Center Network Manager versions 11.0(1), 11.1(1), 11.2(1), and 11.3(1).
How can an attacker exploit CVE-2020-3377?
An attacker can exploit CVE-2020-3377 by using insufficiently validated user-supplied input to inject arbitrary commands on the affected device.
What is the Common Weakness Enumeration (CWE) of CVE-2020-3377?
CVE-2020-3377 is classified under CWE-78, which is Improper Neutralization of Special Elements Used in an OS Command ('OS Command Injection').

collector/nvd-index
agent/weakness
agent/references
agent/author
agent/severity
agent/tags
agent/event
agent/type
agent/description
agent/last-modified-date
agent/softwarecombine
vendor/cisco
canonical/cisco data center network manager
version/cisco data center network manager/11.0\(1\)
version/cisco data center network manager/11.1\(1\)
version/cisco data center network manager/11.2\(1\)
version/cisco data center network manager/11.3\(1\)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.