CVE-2020-3382
published 2020-07-31CVE-2020-3382: A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and…
PriorityP270critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.30%
81.1th percentile
A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_data_center_network_manager | — | — |
| cisco | data_center_network_manager | < 11.4\(1\) | 11.4\(1\) |
| cisco | data_center_network_manager | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Attacker exploits a static encryption key shared across all DCNM installations to craft a valid session token for the REST API, bypassing authentication entirely — monitor for unauthenticated REST API calls that present a valid session token without a preceding login flow. ↗
- →Successful exploitation grants administrative privileges over the DCNM REST API — alert on REST API requests performing privileged/administrative actions (e.g., configuration changes, user management) that originate from unauthenticated or externally sourced sessions. ↗
- →Track Cisco bug ID CSCvt41161 in internal vulnerability management and SIEM correlation rules to identify affected DCNM deployments. ↗
- ·The vulnerability is rooted in a hardcoded/static encryption key (CWE-798) shared across all DCNM installations — any DCNM deployment using a default or shared key is affected regardless of network segmentation. ↗
- ·There are no workarounds available; the only remediation is applying Cisco's released software updates. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco Data Center Network Manager Authentication Bypass Vulnerability
vendor_cisco·2020-07-29·CVSS 9.8
CVE-2020-3382 [CRITICAL] CWE-798 Cisco Data Center Network Manager Authentication Bypass Vulnerability
Cisco Data Center Network Manager Authentication Bypass Vulnerability
A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device.
The vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:ht
Cisco
Cisco Data Center Network Manager Authentication Bypass Vulnerability
vendor_cisco·CVSS 3.0
CVE-2020-3382 Cisco Data Center Network Manager Authentication Bypass Vulnerability
CVE-2020-3382: Cisco Data Center Network Manager Authentication Bypass Vulnerability
A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges. Cisco has released software updates that address this vulnerability. There are no
CVSS: 3.0
CWE: CWE-798, CWE-798
Bug IDs: CSCvt41161
GHSA
GHSA-xgr2-w47g-6j54: A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication a
ghsa_unreviewed·2022-05-24
CVE-2020-3382 [HIGH] GHSA-xgr2-w47g-6j54: A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication a
A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges.
No detection rules found.
No public exploits indexed.
2020-07-31
Published