CVE-2020-3386Improper Authorization in Cisco Data Center Network Manager

CWE-285Improper AuthorizationCWE-863Incorrect Authorization4 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.8%
top 26.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Data Center Network ManagerCisco Data Center Network Manager
Timeline
PublishedJul 31
Latest updateMay 24

Description

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. The vulnerability is due to insufficient authorization of certain API functions. An attacker could exploit this vulnerability by sending a crafted request to the API using low-privileged credentials. A successful exploit could allow the attacker to perform arbitrary actions throug

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-pj5q-9mff-24rh: A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileg2022-05-24
CVEList
Cisco Data Center Network Manager Improper Authorization Vulnerability2020-07-31

📋Vendor Advisories

1
Cisco
Cisco Data Center Network Manager Improper Authorization Vulnerability2020-07-29
CVE-2020-3386 — Improper Authorization in Cisco | cvebase