CVE-2020-3382 — Hard-coded Credentials in Cisco Data Center Network Manager

CWE-798 — Hard-coded Credentials4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

13.1%

top 5.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Data Center Network Manager Cisco Data Center Network Manager

Timeline

PublishedJul 31

Latest updateMay 24

Description

A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions thr…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/data_center_network_manager< 11.4\(1\)

▶CVEListV5cisco/cisco_data_center_network_managern/a

🔴Vulnerability Details

GHSA

GHSA-xgr2-w47g-6j54: A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication a↗2022-05-24

▶

CVEList

Cisco Data Center Network Manager Authentication Bypass Vulnerability↗2020-07-31

▶

📋Vendor Advisories

Cisco

Cisco Data Center Network Manager Authentication Bypass Vulnerability↗2020-07-29

▶