CVE-2020-3538
PUBLISHED
CVSS 4.6 MEDIUM
A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to overwrite or list arbitrary files on the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
EPSS 0.15% · 35.4th percentile
Risk Scores
CVSS 3.1
4.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/RL:X/RC:X/E:X
EPSS Score
0.15%
35.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | data_center_network_manager | 0 |
| Cisco | Cisco Data Center Network Manager | N/A |
Exploit Intelligence
- CIRCL seen: CVE-2020-3538 (circl-sighting)
- cisco-sa-dcnm-pa-trav-bMdfSTTq (circl)
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-tls-dos-xW53TBhb (circl)
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-authbypass-YVJzqgk2 (circl)
Timeline
- Nov 18, 2024 CVE Published
- Nov 18, 2024 PoC Published
- Nov 18, 2024 CVE Updated
- Nov 19, 2024 EPSS Score
- Dec 7, 2024 EPSS Score
- Dec 25, 2024 EPSS Score
- Jan 11, 2025 EPSS Score
- Jan 29, 2025 EPSS Score
- Feb 15, 2025 EPSS Score
- Mar 5, 2025 EPSS Score
- Mar 22, 2025 EPSS Score
- Apr 9, 2025 EPSS Score
References
- cisco-sa-dcnm-pa-trav-bMdfSTTq url
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-tls-dos-xW53TBhb url
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-authbypass-YVJzqgk2 url
- https://nvd.nist.gov/vuln/detail/CVE-2020-3538 advisory