cbcvebase.
CVE-2020-3382
published 2020-07-31

CVE-2020-3382: A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and…

PriorityP270critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.30%
81.1th percentile
A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges.

Affected

3 ranges
VendorProductVersion rangeFixed in
ciscocisco_data_center_network_manager
ciscodata_center_network_manager< 11.4\(1\)11.4\(1\)
ciscodata_center_network_manager

Detection & IOCsextracted from sources · hover to see the quote

  • Attacker exploits a static encryption key shared across all DCNM installations to craft a valid session token for the REST API, bypassing authentication entirely — monitor for unauthenticated REST API calls that present a valid session token without a preceding login flow.
  • Successful exploitation grants administrative privileges over the DCNM REST API — alert on REST API requests performing privileged/administrative actions (e.g., configuration changes, user management) that originate from unauthenticated or externally sourced sessions.
  • Track Cisco bug ID CSCvt41161 in internal vulnerability management and SIEM correlation rules to identify affected DCNM deployments.
  • ·The vulnerability is rooted in a hardcoded/static encryption key (CWE-798) shared across all DCNM installations — any DCNM deployment using a default or shared key is affected regardless of network segmentation.
  • ·There are no workarounds available; the only remediation is applying Cisco's released software updates.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco9.8CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.