CVE-2020-3461Missing Authentication for Critical Function in Cisco Data Center Network Manager

CWE-306Missing Authentication for Critical Function5 documents5 sources
Severity
5.3MEDIUMNVD
EPSS
0.6%
top 31.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Data Center Network ManagerCisco Data Center Network Manager
Timeline
PublishedJul 31
Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. The vulnerability is due to missing authentication on a specific part of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the interface. A successful exploit could allow the attacker to read confidential information from an affect

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-5r6p-9vjr-8fm7: A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to o2022-05-24
CVEList
Cisco Data Center Network Manager Information Disclosure Vulnerability2020-07-31

📋Vendor Advisories

1
Cisco
Cisco Data Center Network Manager Information Disclosure Vulnerability2020-07-29

💬Community

1
Bugzilla
CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC72302020-01-22
CVE-2020-3461 — Cisco vulnerability | cvebase