CVE-2020-3376 — Missing Authentication for Critical Function in Cisco Data Center Network Manager

CWE-306 — Missing Authentication for Critical Function4 documents4 sources

Severity

9.8CRITICALNVD

CNA7.3

EPSS

0.9%

top 24.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Data Center Network Manager Cisco Data Center Network Manager

Timeline

PublishedJul 31

Latest updateMay 24

Description

A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device. The vulnerability is due to a failure in the software to perform proper authentication. An attacker could exploit this vulnerability by browsing to one of the hosted URLs in Cisco DCNM. A successful exploit could allow the attacker to interact with and use certain functions withi…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/data_center_network_manager4 versions+3

▶CVEListV5cisco/cisco_data_center_network_managern/a

🔴Vulnerability Details

GHSA

GHSA-x97g-525f-hjwr: A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypas↗2022-05-24

▶

CVEList

Cisco Data Center Network Manager Authentication Bypass Vulnerability↗2020-07-31

▶

📋Vendor Advisories

Cisco

Cisco Data Center Network Manager Authentication Bypass Vulnerability↗2020-07-29

▶