CVE-2020-3376
Published 2020-07-31
Priority P2 · 66 · critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.15% (63.0th percentile)
A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device. The vulnerability is due to a failure in the software to perform proper authentication. An attacker could exploit this vulnerability by browsing to one of the hosted URLs in Cisco DCNM. A successful exploit could allow the attacker to interact with and use certain functions within the Cisco DCNM.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_data_center_network_manager | — | — |
| cisco | data_center_network_manager | — | — |
| cisco | data_center_network_manager | — | — |
| cisco | data_center_network_manager | — | — |
| cisco | data_center_network_manager | — | — |
| cisco | data_center_network_manager | — | — |
Detection & IOCs
- Exploit vector is unauthenticated HTTP browsing to hosted URLs within Cisco DCNM's Device Manager application; monitor for unauthenticated access attempts to DCNM Device Manager URLs from external/untrusted sources.
- The vulnerability is specifically in the Device Manager application component of Cisco DCNM; focus authentication bypass detection on Device Manager endpoints.
- Track Cisco Bug ID CSCvt54527 for patch and version-specific remediation details relevant to affected DCNM deployments.
- No workarounds are available for this vulnerability; patching is the only mitigation.
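CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_cisco | — | 7.3 | HIGH | — |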
Cisco
Cisco Data Center Network Manager Authentication Bypass Vulnerability
vendor_cisco·2020-07-29·CVSS 7.3
CVE-2020-3376 [HIGH] CWE-306 Cisco Data Center Network Manager Authentication Bypass Vulnerability
A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device.
The vulnerability is due to a failure in the software to perform proper authentication. An attacker could exploit this vulnerability by browsing to one of the hosted URLs in Cisco DCNM. A successful exploit could allow the attacker to interact with and use certain functions within the Cisco DCNM.
Cisco has released software updates that address the vulnerability described in this advisory. There are no workarounds that address this vulnerability.
This advisory is available at the following link:https:/
Cisco
Cisco Data Center Network Manager Authentication Bypass Vulnerability
vendor_cisco·CVSS 3.1
CVE-2020-3376 Cisco Data Center Network Manager Authentication Bypass Vulnerability
CVSS: 3.1
CWE: CWE-306
Bug IDs: CSCvt54527
GHSA
GHSA-x97g-525f-hjwr: A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypas
ghsa_unreviewed·2022-05-24
CVE-2020-3376 [HIGH] GHSA-x97g-525f-hjwr: A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypas
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-07-31