Auto-merge PR#4453

2025-06-08 22:18:26 +00:00 · 2020-07-30 20:06:00 -04:00 · 2020-07-30 20:06:00 -04:00 · 9b463f3a2c
commit 9b463f3a2c
parent 827c56361c abb370d714
1 changed files with 75 additions and 7 deletions
--- a/2020/3xxx/CVE-2020-3377.json
+++ b/2020/3xxx/CVE-2020-3377.json
@ -1,18 +1,86 @@
 {
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2020-07-29T16:00:00",
        "ID": "CVE-2020-3377",
-        "ASSIGNER": "cve@mitre.org",
+        "STATE": "PUBLIC",
-        "STATE": "RESERVED"
+        "TITLE": "Cisco Data Center Network Manager Command Injection Vulnerability"
    },
-    "description": {
+    "affects": {
-        "description_data": [
+        "vendor": {
            "vendor_data": [
                {
-                "lang": "eng",
+                    "product": {
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                        "product_data": [
                            {
                                "product_name": "Cisco Data Center Network Manager ",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "n/a"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Cisco"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": " A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted arguments to a specific field within the application. A successful exploit could allow the attacker to run commands as the administrator on the DCNM. "
            }
        ]
    },
    "exploit": [
        {
            "lang": "eng",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
        }
    ],
    "impact": {
        "cvss": {
            "baseScore": "6.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L ",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-78"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "20200729 Cisco Data Center Network Manager Command Injection Vulnerability",
                "refsource": "CISCO",
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-devmgr-cmd-inj-Umc8RHNh"
            }
        ]
    },
    "source": {
        "advisory": "cisco-sa-devmgr-cmd-inj-Umc8RHNh",
        "defect": [
            [
                "CSCvt54521"
            ]
        ],
        "discovery": "INTERNAL"
    }
 }