cbcvebase.
CVE-2020-3376
published 2020-07-31

Priority: P266, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.15% (63.0th percentile)

A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device. The vulnerability is due to a failure in the software to perform proper authentication. An attacker could exploit this vulnerability by browsing to one of the hosted URLs in Cisco DCNM. A successful exploit could allow the attacker to interact with and use certain functions within the Cisco DCNM.

Affected

6 ranges
Vendor | Product | Version range | Fixed in
cisco | cisco_data_center_network_manager | |
cisco | data_center_network_manager | |
cisco | data_center_network_manager | |
cisco | data_center_network_manager | |
cisco | data_center_network_manager | |
cisco | data_center_network_manager | |

Detection & IOCs (extracted from sources)

  • Exploit vector is unauthenticated HTTP browsing to hosted URLs within Cisco DCNM's Device Manager application — monitor for unauthenticated access attempts to DCNM Device Manager URLs from external/untrusted sources.
  • The vulnerability is specifically in the Device Manager application component of Cisco DCNM — focus authentication bypass detection on Device Manager endpoints.
  • Track Cisco Bug ID CSCvt54527 for patch and version-specific remediation details relevant to affected DCNM deployments.
  • No workarounds are available for this vulnerability; patching is the only mitigation.

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_cisco | | 7.3 | HIGH |