CVE-2020-3376 — HIGH (7.3) — White Hats Nepal

Vulnerability Description

A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device. The vulnerability is due to a failure in the software to perform proper authentication. An attacker could exploit this vulnerability by browsing to one of the hosted URLs in Cisco DCNM. A successful exploit could allow the attacker to interact with and use certain functions within the Cisco DCNM.

CVSS Score

7.3

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Cisco	Data Center Network Manager	11.0\(1\)

Related Weaknesses (CWE)

CWE-306

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dVendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dVendor Advisory

FAQ

What is CVE-2020-3376?

CVE-2020-3376 is a vulnerability with a CVSS score of 7.3 (HIGH). A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on ...

How severe is CVE-2020-3376?

CVE-2020-3376 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-3376?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Data Center Network Manager.