A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device.
The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to overwrite or list arbitrary files on the affected device.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
References
Configurations
History
06 Aug 2025, 14:01
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:cisco:data_center_network_manager:*:*:*:*:*:*:*:* | |
First Time |
Cisco data Center Network Manager
Cisco |
|
References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-authbypass-YVJzqgk2 - Not Applicable | |
References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-pa-trav-bMdfSTTq - Vendor Advisory | |
References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-tls-dos-xW53TBhb - Not Applicable | |
CWE | CWE-22 |
18 Nov 2024, 17:11
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
18 Nov 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-18 16:15
Updated : 2025-08-06 14:01
NVD link : CVE-2020-3538
Mitre link : CVE-2020-3538
CVE.ORG link : CVE-2020-3538
JSON object : View
Products Affected
cisco
- data_center_network_manager