CVE-2020-3411

CWE-200 — Information Exposure CWE-287 — Improper Authentication4 documents4 sources

Severity

7.5HIGH

EPSS

0.3%

top 47.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Catalyst Center Cisco Cisco Digital Network Architecture Center (dna Center)

Timeline

PublishedAug 17

Latest updateMay 24

Description

A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/catalyst_center1.3 — 1.3.1.4

▶CVEListV5cisco/cisco_digital_network_architecture_center_(dna_center)n/a

🔴Vulnerability Details

GHSA

GHSA-qx4x-mchj-p2fq: A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system↗2022-05-24

▶

CVEList

Cisco DNA Center Information Disclosure Vulnerability↗2020-08-17

▶

📋Vendor Advisories

Cisco

Cisco DNA Center Information Disclosure Vulnerability↗2020-08-05

▶