CVE-2020-3112Improper Privilege Management in Cisco Data Center Network Manager

CWE-264CWE-269Improper Privilege Management4 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.6%
top 30.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Data Center Network ManagerCisco Data Center Network Manager
Timeline
PublishedFeb 19
Latest updateMay 24

Description

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by authenticating with a low-privilege account and sending a crafted request to the API. A successful exploit could allow the attacker to interact with the API with administrative privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_data_center_network_managerunspecifiedn/a

🔴Vulnerability Details

2
GHSA
GHSA-6frc-m84r-4j3r: A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileg2022-05-24
CVEList
Cisco Data Center Network Manager Privilege Escalation Vulnerability2020-02-19

📋Vendor Advisories

1
Cisco
Cisco Data Center Network Manager Privilege Escalation Vulnerability2020-02-19
CVE-2020-3112 — Improper Privilege Management in Cisco | cvebase