Sign-up

ID

VAR-202006-1121


CVE

CVE-2020-3281


TITLE

Cisco Digital Network Architecture Center Vulnerability regarding information leakage from log files in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006335

DESCRIPTION

A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices. (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-3281 // JVNDB: JVNDB-2020-006335 // VULHUB: VHN-181406

AFFECTED PRODUCTS

vendor:ciscomodel:digital network architecture centerscope:ltversion:1.3.3.3

Trust: 1.0

vendor:ciscomodel:digital network architecture centerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006335 // NVD: CVE-2020-3281

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3281
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3281
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006335
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202006-351
value: HIGH

Trust: 0.6

VULHUB: VHN-181406
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3281
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006335
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181406
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3281
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3281
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-006335
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181406 // JVNDB: JVNDB-2020-006335 // CNNVD: CNNVD-202006-351 // NVD: CVE-2020-3281 // NVD: CVE-2020-3281

PROBLEMTYPE DATA

problemtype:CWE-532

Trust: 1.9

sources: VULHUB: VHN-181406 // JVNDB: JVNDB-2020-006335 // NVD: CVE-2020-3281

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-351

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202006-351

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006335

PATCH
title:cisco-sa-dnac-audit-log-59RBdwb6url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-audit-log-59RBdwb6
Trust: 0.8
title:Cisco Digital Network Architecture Center Repair measures for log information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121372
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-006335 // 
            
            
            
            CNNVD: CNNVD-202006-351

EXTERNAL IDS
db:NVDid:CVE-2020-3281
Trust: 2.5
db:JVNDBid:JVNDB-2020-006335
Trust: 0.8
db:CNNVDid:CNNVD-202006-351
Trust: 0.7
db:AUSCERTid:ESB-2020.1943
Trust: 0.6
db:NSFOCUSid:47496
Trust: 0.6
db:NSFOCUSid:47416
Trust: 0.6
db:VULHUBid:VHN-181406
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181406 // 
            
            
            
            JVNDB: JVNDB-2020-006335 // 
            
            
            
            CNNVD: CNNVD-202006-351 // 
            
            
            
            NVD: CVE-2020-3281

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dnac-audit-log-59rbdwb6
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-3281
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3281
Trust: 0.8
url:http://www.nsfocus.net/vulndb/47416
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1943/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/47496
Trust: 0.6
sources:
            
            
            VULHUB: VHN-181406 // 
            
            
            
            JVNDB: JVNDB-2020-006335 // 
            
            
            
            CNNVD: CNNVD-202006-351 // 
            
            
            
            NVD: CVE-2020-3281

SOURCES
db:VULHUBid:VHN-181406
db:JVNDBid:JVNDB-2020-006335
db:CNNVDid:CNNVD-202006-351
db:NVDid:CVE-2020-3281

LAST UPDATE DATE
2024-08-14T14:18:54.747000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181406date:2020-06-11T00:00:00
db:JVNDBid:JVNDB-2020-006335date:2020-07-07T00:00:00
db:CNNVDid:CNNVD-202006-351date:2021-01-05T00:00:00
db:NVDid:CVE-2020-3281date:2020-06-11T20:34:44.133

SOURCES RELEASE DATE
db:VULHUBid:VHN-181406date:2020-06-03T00:00:00
db:JVNDBid:JVNDB-2020-006335date:2020-07-07T00:00:00
db:CNNVDid:CNNVD-202006-351date:2020-06-03T00:00:00
db:NVDid:CVE-2020-3281date:2020-06-03T18:15:22.167