Sign-up

ID

VAR-202007-1031


CVE

CVE-2020-3391


TITLE

Cisco Digital Network Architecture Center Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2020-007518

DESCRIPTION

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to insecure storage of certain unencrypted credentials on an affected device. An attacker could exploit this vulnerability by viewing the network device configuration and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices. The solution scales and protects devices, applications, and more within the network

Trust: 1.8

sources: NVD: CVE-2020-3391 // JVNDB: JVNDB-2020-007518 // VULHUB: VHN-181516 // VULMON: CVE-2020-3391

AFFECTED PRODUCTS

vendor:ciscomodel:digital network architecture centerscope:ltversion:1.2.10

Trust: 1.0

vendor:ciscomodel:digital network architecture centerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-007518 // NVD: CVE-2020-3391

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3391
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3391
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-007518
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202007-092
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181516
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-3391
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3391
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-007518
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181516
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3391
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3391
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-007518
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181516 // VULMON: CVE-2020-3391 // JVNDB: JVNDB-2020-007518 // CNNVD: CNNVD-202007-092 // NVD: CVE-2020-3391 // NVD: CVE-2020-3391

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-522

Trust: 1.1

sources: VULHUB: VHN-181516 // JVNDB: JVNDB-2020-007518 // NVD: CVE-2020-3391

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-092

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202007-092

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-007518

PATCH
title:cisco-sa-dnac-info-disc-6xsCyDYyVurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-info-disc-6xsCyDYy
Trust: 0.8
title:Cisco Digital Network Architecture Center Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122887
Trust: 0.6
title:Cisco: Cisco Digital Network Architecture Center Information Disclosure Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dnac-info-disc-6xsCyDYy
Trust: 0.1
title:CVE-2020-3391url:https://github.com/AlAIAL90/CVE-2020-3391 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-3391 // 
            
            
            
            JVNDB: JVNDB-2020-007518 // 
            
            
            
            CNNVD: CNNVD-202007-092

EXTERNAL IDS
db:NVDid:CVE-2020-3391
Trust: 2.6
db:JVNDBid:JVNDB-2020-007518
Trust: 0.8
db:CNNVDid:CNNVD-202007-092
Trust: 0.7
db:AUSCERTid:ESB-2020.2273
Trust: 0.6
db:NSFOCUSid:48473
Trust: 0.6
db:CNVDid:CNVD-2020-45582
Trust: 0.1
db:VULHUBid:VHN-181516
Trust: 0.1
db:VULMONid:CVE-2020-3391
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181516 // 
            
            
            
            VULMON: CVE-2020-3391 // 
            
            
            
            JVNDB: JVNDB-2020-007518 // 
            
            
            
            CNNVD: CNNVD-202007-092 // 
            
            
            
            NVD: CVE-2020-3391

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dnac-info-disc-6xscydyy
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2020-3391
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3391
Trust: 0.8
url:http://www.nsfocus.net/vulndb/48473
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2273/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/522.html
Trust: 0.1
url:https://github.com/alaial90/cve-2020-3391
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181516 // 
            
            
            
            VULMON: CVE-2020-3391 // 
            
            
            
            JVNDB: JVNDB-2020-007518 // 
            
            
            
            CNNVD: CNNVD-202007-092 // 
            
            
            
            NVD: CVE-2020-3391

SOURCES
db:VULHUBid:VHN-181516
db:VULMONid:CVE-2020-3391
db:JVNDBid:JVNDB-2020-007518
db:CNNVDid:CNNVD-202007-092
db:NVDid:CVE-2020-3391

LAST UPDATE DATE
2024-08-14T14:25:41.410000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181516date:2021-08-06T00:00:00
db:VULMONid:CVE-2020-3391date:2021-08-06T00:00:00
db:JVNDBid:JVNDB-2020-007518date:2020-08-14T00:00:00
db:CNNVDid:CNNVD-202007-092date:2021-08-09T00:00:00
db:NVDid:CVE-2020-3391date:2021-08-06T18:58:38.230

SOURCES RELEASE DATE
db:VULHUBid:VHN-181516date:2020-07-02T00:00:00
db:VULMONid:CVE-2020-3391date:2020-07-02T00:00:00
db:JVNDBid:JVNDB-2020-007518date:2020-08-14T00:00:00
db:CNNVDid:CNNVD-202007-092date:2020-07-01T00:00:00
db:NVDid:CVE-2020-3391date:2020-07-02T05:15:11.557