CVE-2020-3522

CWE-284Improper Access ControlCWE-863Incorrect Authorization4 documents4 sources
Severity
6.3MEDIUM
EPSS
0.2%
top 63.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Data Center Network ManagerCisco Cisco Data Center Network Manager
Timeline
PublishedAug 26
Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to bypass authorization on an affected device and access sensitive information that is related to the device. The vulnerability exists because the affected software allows users to access resources that are intended for administrators only. An attacker could exploit this vulnerability by submitting a crafted URL to an affected device. A successf

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-r4m4-hfr3-7238: A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attack2022-05-24
CVEList
Cisco Data Center Network Manager Authorization Bypass Vulnerability2020-08-26

📋Vendor Advisories

1
Cisco
Cisco Data Center Network Manager Authorization Bypass Vulnerability2020-08-19