What is CVE-2020-3384?

CVE-2020-3384 is a high-severity vulnerability in Cisco Data Center Network Manager, classified under Incomplete List of Disallowed Inputs. CVSS score: 8.2/10. Published 2020-07-31.

How severe is CVE-2020-3384?

High severity. CVSS v3 base score is 8.2 out of 10.

Vulnerability in Cisco Data Center Network Manager

CVE-2020-3384

A vulnerability in specific REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system with the privileges of the logged-in u…

EPSS: 0.005 (66.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L.

Affected products

Cisco Data Center Network Manager — versions n/a

Weakness classification (CWE)

CWE-184 — Incomplete List of Disallowed Inputs

References

20200729 Cisco Data Center Network Manager Command Injection Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2020-3384?: CVE-2020-3384 is a high-severity vulnerability in Cisco Data Center Network Manager, classified under Incomplete List of Disallowed Inputs. CVSS score: 8.2/10. Published 2020-07-31.
How severe is CVE-2020-3384?: High severity. CVSS v3 base score is 8.2 out of 10.