CVE-2020-3386
published 2020-07-31


Priority: P2 (62) · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.04% (78.7th percentile)

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. The vulnerability is due to insufficient authorization of certain API functions. An attacker could exploit this vulnerability by sending a crafted request to the API using low-privileged credentials. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges.

Affected

3 ranges
Vendor | Product | Version range | Fixed in
cisco | cisco_data_center_network_manager | |
cisco | data_center_network_manager | < 11.4(1) | 11.4(1)
cisco | data_center_network_manager | |

Detection & IOCs (extracted from sources)

  • Monitor for crafted REST API requests to Cisco DCNM API endpoints made using low-privileged credentials that result in administrative-level actions, indicating authorization bypass attempts.
  • Alert on low-privileged DCNM accounts invoking REST API functions that are typically restricted to administrative roles, as the vulnerability stems from insufficient authorization of certain API functions.
  • There are no workarounds available for this vulnerability; patching via Cisco software updates is the only remediation path.
  • The vulnerability requires the attacker to already be authenticated with at least a low-privileged account on the DCNM REST API endpoint, meaning unauthenticated access is not the attack vector.

CVSS provenance

nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C
vendor_cisco | 8.8 | HIGH