CVE-2020-3377
MEDIUMCisco Data Center Network Manager - Authenticated OS Command Injection via Device Manager Input Field
Title source: llmDescription
A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted arguments to a specific field within the application. A successful exploit could allow the attacker to run commands as the administrator on the DCNM.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-devmgr-cmd-inj-Umc8RHNh
Scores
CVSS v3
6.3
EPSS
0.0066
EPSS Percentile
71.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-78
Status
published
Products (4)
cisco/data_center_network_manager
11.0\(1\)
cisco/data_center_network_manager
11.1\(1\)
cisco/data_center_network_manager
11.2\(1\)
cisco/data_center_network_manager
11.3\(1\)
Published
Jul 31, 2020
Tracked Since
Feb 18, 2026