CVE-2020-3519: Input Validation
First published: Wed Aug 26 2020(Updated: )
A vulnerability in a specific REST API method of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Data Center Network Manager | <11.4\(1\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-3519?
CVE-2020-3519 is a vulnerability in Cisco Data Center Network Manager (DCNM) Software that allows an authenticated remote attacker to conduct a path traversal attack on an affected device.
What is the severity of CVE-2020-3519?
The severity of CVE-2020-3519 is high with a CVSS score of 8.1.
How does CVE-2020-3519 work?
CVE-2020-3519 is caused by insufficient validation of user-supplied input to a specific REST API method, allowing a path traversal attack.
Which version of Cisco Data Center Network Manager is affected by CVE-2020-3519?
Cisco Data Center Network Manager versions up to 11.4(1) are affected by CVE-2020-3519.
How can I fix CVE-2020-3519?
To fix CVE-2020-3519, it is recommended to upgrade to a version of Cisco Data Center Network Manager that is not affected by the vulnerability.
- collector/nvd-index
- vendor/cisco
- canonical/cisco data center network manager