CVE-2020-3538

Name of the Vulnerable Software and Affected Versions Cisco Data Center Network Manager (DCNM) Software (affected versions not specified) Cisco Firepower Management Center (FMC) (affected versions not specified)

Description The issue is related to insufficient path restriction enforcement in a certain REST API endpoint, allowing an authenticated, remote attacker to perform a path traversal attack. This could be exploited by sending crafted HTTP requests, potentially enabling the attacker to overwrite or list arbitrary files on the affected device. Additionally, there's a vulnerability in the web interface of Cisco Firepower Management Center (FMC) related to URL processing errors, which could allow a remote attacker to redirect a user to an arbitrary URL.

Recommendations For Cisco Data Center Network Manager (DCNM) Software, update to the latest software version that addresses this issue. For Cisco Firepower Management Center (FMC), consider restricting access to the vulnerable web interface until a patch is available. As a temporary workaround, consider disabling the vulnerable REST API endpoint until a software update is applied.