CVE-2020-3391

CWE-200Information ExposureCWE-522Insufficiently Protected Credentials5 documents5 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 58.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Digital Network Architecture CenterCisco Cisco Digital Network Architecture Center (dna Center)
Timeline
PublishedJul 2
Latest updateMay 24

Description

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to insecure storage of certain unencrypted credentials on an affected device. An attacker could exploit this vulnerability by viewing the network device configuration and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discove

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-jhv6-f622-9cgv: A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clea2022-05-24
CVEList
Cisco Digital Network Architecture Center Information Disclosure Vulnerability2020-07-02

📋Vendor Advisories

2
Cisco
Cisco Digital Network Architecture Center Information Disclosure Vulnerability2020-07-01
Microsoft
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability2020-01-14
CVE-2020-3391 (MEDIUM CVSS 6.5) | A vulnerability in Cisco Digital Ne | cvebase.io