CVE-2020-3281

CWE-532Log File Information Exposure5 documents5 sources
Severity
8.8HIGH
EPSS
0.3%
top 43.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Digital Network Architecture CenterCisco Cisco Digital Network Architecture Center (dna Center)
Timeline
PublishedJun 3
Latest updateMay 24

Description

A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

Patches

Patch: tools.cisco.comPatch: tools.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-hcrf-j785-xgwj: A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to vie2022-05-24
CVEList
Cisco Digital Network Architecture Center Information Disclosure Vulnerability2020-06-03

📋Vendor Advisories

1
Cisco
Cisco Digital Network Architecture Center Information Disclosure Vulnerability2020-06-03

💬Community

1
Bugzilla
CVE-2017-18922 libvncserver: websocket decoding buffer overflow2020-06-30
CVE-2020-3281 (HIGH CVSS 8.8) | A vulnerability in the audit loggin | cvebase.io