How severe is CVE-2020-3384?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2020-3384?

This is classified as CWE-184, which is a common weakness in software security.

CVE-2020-3384 - HIGH Severity | CVSS 8.2

Vulnerability Description

A vulnerability in specific REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system with the privileges of the logged-in user. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to inject arbitrary commands on the underlying operating system.

Related Vulnerabilities

CVE-2018-5968

HIGH

CVSS:8.1(High)

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization fla...

CWE-1842018

CVE-2024-54149

HIGH

CVSS:8.4(High)

Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates s...

CWE-1842024

CVE-2015-5946

HIGH

CVSS:7.8(High)

Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.

CWE-1842015

CVE-2016-7076

HIGH

CVSS:7.8(High)

sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user perm...

CWE-1842016

CVE-2018-16863

HIGH

CVSS:7.8(High)

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary s...

CWE-1842018

CVE-2025-29822

HIGH

CVSS:7.8(High)

Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.

CWE-1842025