First published: Fri Jul 31 2020(Updated: )
A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to a lack of proper input validation of paths that are embedded within archive files. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to write arbitrary files in the system with the privileges of the logged-in user.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Data Center Network Manager | <11.4\(1\) |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-3383.
The title of the vulnerability is 'A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an au...'
The severity of CVE-2020-3383 is critical (8.8).
The affected software is Cisco Data Center Network Manager (DCNM) up to version 11.4(1).
An attacker can exploit CVE-2020-3383 by conducting directory traversal attacks on an affected device.