CVE-2020-3386
published 2020-07-31CVE-2020-3386: A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged…
PriorityP262high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
2.04%
78.7th percentile
A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. The vulnerability is due to insufficient authorization of certain API functions. An attacker could exploit this vulnerability by sending a crafted request to the API using low-privileged credentials. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_data_center_network_manager | — | — |
| cisco | data_center_network_manager | < 11.4\(1\) | 11.4\(1\) |
| cisco | data_center_network_manager | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for crafted REST API requests to Cisco DCNM API endpoints made using low-privileged credentials that result in administrative-level actions, indicating authorization bypass attempts. ↗
- →Alert on low-privileged DCNM accounts invoking REST API functions that are typically restricted to administrative roles, as the vulnerability stems from insufficient authorization of certain API functions. ↗
- ·There are no workarounds available for this vulnerability; patching via Cisco software updates is the only remediation path. ↗
- ·The vulnerability requires the attacker to already be authenticated with at least a low-privileged account on the DCNM REST API endpoint, meaning unauthenticated access is not the attack vector. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
vendor_cisco8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pj5q-9mff-24rh: A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileg
ghsa_unreviewed·2022-05-24
CVE-2020-3386 [HIGH] GHSA-pj5q-9mff-24rh: A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileg
A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. The vulnerability is due to insufficient authorization of certain API functions. An attacker could exploit this vulnerability by sending a crafted request to the API using low-privileged credentials. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges.
Cisco
Cisco Data Center Network Manager Improper Authorization Vulnerability
vendor_cisco·2020-07-29·CVSS 8.8
CVE-2020-3386 [HIGH] CWE-285 Cisco Data Center Network Manager Improper Authorization Vulnerability
Cisco Data Center Network Manager Improper Authorization Vulnerability
A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device.
The vulnerability is due to insufficient authorization of certain API functions. An attacker could exploit this vulnerability by sending a crafted request to the API using low-privileged credentials. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:http
Cisco
Cisco Data Center Network Manager Improper Authorization Vulnerability
vendor_cisco·CVSS 3.0
CVE-2020-3386 Cisco Data Center Network Manager Improper Authorization Vulnerability
CVE-2020-3386: Cisco Data Center Network Manager Improper Authorization Vulnerability
A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. The vulnerability is due to insufficient authorization of certain API functions. An attacker could exploit this vulnerability by sending a crafted request to the API using low-privileged credentials. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges. Cisco has released software updates that address this vulnerability. There are no
CVSS: 3.0
CWE: CWE-285, CWE-285
Bug IDs: CSCvs78207
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-07-31
Published