CVE-2020-3439: XSS
First published: Wed Aug 26 2020(Updated: )
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Data Center Network Manager | <11.4\(1\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-3439?
CVE-2020-3439 is a vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software that allows an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
What is the severity of CVE-2020-3439?
CVE-2020-3439 has a severity rating of medium with a CVSS score of 4.8.
How does CVE-2020-3439 affect Cisco Data Center Network Manager?
CVE-2020-3439 affects all versions of Cisco Data Center Network Manager up to and including version 11.4(1).
What is cross-site scripting (XSS)?
Cross-site scripting (XSS) is a type of security vulnerability that allows attackers to inject malicious scripts into web pages viewed by users.
Is there a fix for CVE-2020-3439?
Cisco has released a security advisory with guidance on how to mitigate the vulnerability. Please refer to the Cisco Security Advisory for more information.
- collector/nvd-index
- vendor/cisco
- canonical/cisco data center network manager