CVE-2020-3384

HIGH

Cisco DCNM - Command Injection

Title source: llm

Description

A vulnerability in specific REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system with the privileges of the logged-in user. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to inject arbitrary commands on the underlying operating system.

References (1)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-rest-inj-BCt8pwAJ

Scores

CVSS v3 8.2

EPSS 0.0049

EPSS Percentile 65.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

Classification

CWE

CWE-184

Status published

Affected Products (1)

cisco/data_center_network_manager < 11.4\(1\)

Timeline

Published Jul 31, 2020

Tracked Since Feb 18, 2026