CVE-2020-3384
First published: Fri Jul 31 2020(Updated: )
A vulnerability in specific REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system with the privileges of the logged-in user. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to inject arbitrary commands on the underlying operating system.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Data Center Network Manager | <11.4\(1\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-3384?
CVE-2020-3384 is a vulnerability in specific REST API endpoints of Cisco Data Center Network Manager (DCNM) that could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system with the privileges of the logged-in user.
How does CVE-2020-3384 impact Cisco Data Center Network Manager?
CVE-2020-3384 impacts Cisco Data Center Network Manager by allowing an attacker to inject arbitrary commands and potentially gain unauthorized access with the privileges of the logged-in user.
What is the severity of CVE-2020-3384?
CVE-2020-3384 has a severity rating of 8.2 (high).
How can I fix CVE-2020-3384?
To fix CVE-2020-3384, it is recommended to upgrade to a version of Cisco Data Center Network Manager that is not affected by the vulnerability.
Where can I find more information about CVE-2020-3384?
You can find more information about CVE-2020-3384 on the Cisco Security Advisory page.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- vendor/cisco
- canonical/cisco data center network manager