CVE-2020-3538— Cisco Data Center Network Manager Path Traversal Vulnerability

Cisco Data Center Network Manager Path Traversal Vulnerability

A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to overwrite or list arbitrary files on the affected device.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

输入验证不恰当

Cisco Data Center Network Manager REST API端点输入验证错误漏洞

Cisco Data Center Network Manager（DCNM）是美国思科（Cisco）公司的一套数据中心管理系统。该系统适用于Cisco Nexus和MDS系列交换机，提供存储可视化、配置和故障排除等功能。 Cisco DCNM 11.4(1)之前版本中的REST API端点存在输入验证错误漏洞，该漏洞源于程序没有充分进行路径限制。远程攻击者可利用该漏洞覆盖或列出设备上的任意文件。

N/A

N/A