CVE-2020-3384 Information

Description

A vulnerability in specific REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated remote attacker to inject arbitrary commands on the underlying operating system with the privileges of the logged-in user. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to inject arbitrary commands on the underlying operating system.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-rest-inj-BCt8pwAJ

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

Base Score

8.2

Base Severity

HIGH
