PT-2020-5184 · Cisco · Cisco Data Center Network Manager

Published

2020-08-19

Updated

2020-08-28

CVE-2020-3519

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cisco Data Center Network Manager (DCNM) Software (affected versions not specified)

Description The issue is related to a specific REST API method in Cisco Data Center Network Manager (DCNM) Software, where insufficient validation of user-supplied input allows an authenticated, remote attacker to conduct a path traversal attack. This could enable the attacker to overwrite arbitrary files on the affected device by sending a crafted request to the API.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2020-05800

CVE-2020-3519

Affected Products

Cisco Data Center Network Manager

PT-2020-5184 · Cisco · Cisco Data Center Network Manager

CVE-2020-3519

Weakness Enumeration

Related Identifiers

Affected Products

References · 4