Sign-up

ID

VAR-202002-0709


CVE

CVE-2020-3112


TITLE

Cisco Data Center Network Manager Vulnerability related to authority management in

Trust: 0.8

sources: JVNDB: JVNDB-2020-002128

DESCRIPTION

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by authenticating with a low-privilege account and sending a crafted request to the API. A successful exploit could allow the attacker to interact with the API with administrative privileges. (DoS) It may be put into a state. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Trust: 1.71

sources: NVD: CVE-2020-3112 // JVNDB: JVNDB-2020-002128 // VULHUB: VHN-181237

AFFECTED PRODUCTS

vendor:ciscomodel:data center network managerscope:ltversion:11.3\(1\)

Trust: 1.0

vendor:ciscomodel:data center network managerscope: - version: -

Trust: 0.8

vendor:ciscomodel:data center network managerscope:eqversion:10.31

Trust: 0.6

vendor:ciscomodel:data center network managerscope:eqversion:4.0

Trust: 0.6

vendor:ciscomodel:data center network managerscope:eqversion:10.41

Trust: 0.6

vendor:ciscomodel:data center network managerscope:eqversion:10.21

Trust: 0.6

vendor:ciscomodel:data center network managerscope:eqversion:5.0

Trust: 0.6

vendor:ciscomodel:data center network managerscope:eqversion:10.1

Trust: 0.6

vendor:ciscomodel:data center network managerscope:eqversion:4.1

Trust: 0.6

vendor:ciscomodel:data center network managerscope:eqversion:10.42

Trust: 0.6

vendor:ciscomodel:data center network managerscope:eqversion:10.0

Trust: 0.6

vendor:ciscomodel:data center network managerscope:eqversion:4.2

Trust: 0.6

sources: JVNDB: JVNDB-2020-002128 // CNNVD: CNNVD-202002-975 // NVD: CVE-2020-3112

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3112
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3112
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002128
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202002-975
value: HIGH

Trust: 0.6

VULHUB: VHN-181237
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3112
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002128
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181237
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3112
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3112
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-002128
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181237 // JVNDB: JVNDB-2020-002128 // CNNVD: CNNVD-202002-975 // NVD: CVE-2020-3112 // NVD: CVE-2020-3112

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.9

problemtype:CWE-264

Trust: 1.0

sources: VULHUB: VHN-181237 // JVNDB: JVNDB-2020-002128 // NVD: CVE-2020-3112

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-975

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202002-975

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-002128

PATCH
title:cisco-sa-20200219-dcnm-priv-escurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-dcnm-priv-esc
Trust: 0.8
title:Cisco Data Center Network Manager Fixes for permissions and access control issues vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110031
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002128 // 
            
            
            
            CNNVD: CNNVD-202002-975

EXTERNAL IDS
db:NVDid:CVE-2020-3112
Trust: 2.5
db:JVNDBid:JVNDB-2020-002128
Trust: 0.8
db:CNNVDid:CNNVD-202002-975
Trust: 0.7
db:AUSCERTid:ESB-2020.0621
Trust: 0.6
db:NSFOCUSid:46007
Trust: 0.6
db:CNVDid:CNVD-2020-10705
Trust: 0.1
db:VULHUBid:VHN-181237
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181237 // 
            
            
            
            JVNDB: JVNDB-2020-002128 // 
            
            
            
            CNNVD: CNNVD-202002-975 // 
            
            
            
            NVD: CVE-2020-3112

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200219-dcnm-priv-esc
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-3112
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3112
Trust: 0.8
url:http://www.nsfocus.net/vulndb/46007
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-privilege-escalation-via-rest-api-31636
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.0621/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-181237 // 
            
            
            
            JVNDB: JVNDB-2020-002128 // 
            
            
            
            CNNVD: CNNVD-202002-975 // 
            
            
            
            NVD: CVE-2020-3112

SOURCES
db:VULHUBid:VHN-181237
db:JVNDBid:JVNDB-2020-002128
db:CNNVDid:CNNVD-202002-975
db:NVDid:CVE-2020-3112

LAST UPDATE DATE
2024-08-14T14:38:33.910000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181237date:2020-02-24T00:00:00
db:JVNDBid:JVNDB-2020-002128date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-202002-975date:2020-02-28T00:00:00
db:NVDid:CVE-2020-3112date:2020-02-24T16:28:25.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-181237date:2020-02-19T00:00:00
db:JVNDBid:JVNDB-2020-002128date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-202002-975date:2020-02-19T00:00:00
db:NVDid:CVE-2020-3112date:2020-02-19T20:15:14.690