ID

VAR-202007-1042


CVE

CVE-2020-3376


TITLE

Vulnerability regarding lack of authentication for critical features in Cisco Data Center Network Manager

Trust: 0.8

sources: JVNDB: JVNDB-2020-008960

DESCRIPTION

A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device. The vulnerability is due to a failure in the software to perform proper authentication. An attacker could exploit this vulnerability by browsing to one of the hosted URLs in Cisco DCNM. A successful exploit could allow the attacker to interact with and use certain functions within the Cisco DCNM. The affected system may be put into a denial-of-service (DoS) state. Cisco DCNM is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions. The following products and versions are affected: Cisco DCNM Release 11.0(1), Release 11.1(1), Release 11.2(1), Release 11.3(1).

Trust: 1.8

sources: NVD: CVE-2020-3376 // JVNDB: JVNDB-2020-008960 // VULHUB: VHN-181501 // VULMON: CVE-2020-3376

AFFECTED PRODUCTS

vendor: cisco, model: data center network manager, scope: eq, version: 11.2(1)

Trust: 1.0

vendor: cisco, model: data center network manager, scope: eq, version: 11.0(1)

Trust: 1.0

vendor: cisco, model: data center network manager, scope: eq, version: 11.3(1)

Trust: 1.0

vendor: cisco, model: data center network manager, scope: eq, version: 11.1(1)

Trust: 1.0

vendor: cisco, model: data center network manager, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008960 // NVD: CVE-2020-3376

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-3376
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3376
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008960
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202007-1694
value: CRITICAL

Trust: 0.6

VULHUB: VHN-181501
value: HIGH

Trust: 0.1

VULMON: CVE-2020-3376
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-3376
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-008960
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181501
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2020-3376
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3376
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-008960
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181501 // VULMON: CVE-2020-3376 // JVNDB: JVNDB-2020-008960 // CNNVD: CNNVD-202007-1694 // NVD: CVE-2020-3376 // NVD: CVE-2020-3376

PROBLEMTYPE DATA

problemtype: CWE-306

Trust: 1.9

sources: VULHUB: VHN-181501 // JVNDB: JVNDB-2020-008960 // NVD: CVE-2020-3376

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1694

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1694

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008960

PATCH

title: cisco-sa-dcnm-auth-bypass-JkubGpu3
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-auth-bypass-JkubGpu3

Trust: 0.8

title: Cisco Data Center Network Manager Fixes for access control error vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125723

Trust: 0.6

title: Cisco: Cisco Data Center Network Manager Authentication Bypass Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dcnm-auth-bypass-JkubGpu3

Trust: 0.1

sources: VULMON: CVE-2020-3376 // JVNDB: JVNDB-2020-008960 // CNNVD: CNNVD-202007-1694

EXTERNAL IDS

db: NVD, id: CVE-2020-3376

Trust: 2.6

db: JVNDB, id: JVNDB-2020-008960

Trust: 0.8

db: CNNVD, id: CNNVD-202007-1694

Trust: 0.7

db: NSFOCUS, id: 47818

Trust: 0.6

db: AUSCERT, id: ESB-2020.2600

Trust: 0.6

db: CNVD, id: CNVD-2020-44067

Trust: 0.1

db: VULHUB, id: VHN-181501

Trust: 0.1

db: VULMON, id: CVE-2020-3376

Trust: 0.1

sources: VULHUB: VHN-181501 // VULMON: CVE-2020-3376 // JVNDB: JVNDB-2020-008960 // CNNVD: CNNVD-202007-1694 // NVD: CVE-2020-3376

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-auth-bypass-jkubgpu3

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2020-3376

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3376

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2020.2600/

Trust: 0.6

url: https://vigilance.fr/vulnerability/cisco-data-center-network-manager-privilege-escalation-via-device-manager-32963

Trust: 0.6

url: http://www.nsfocus.net/vulndb/47818

Trust: 0.6

url: https://media.cert.europa.eu/static/securityadvisories/2020/cert-eu-sa2020-039.pdf

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-181501 // VULMON: CVE-2020-3376 // JVNDB: JVNDB-2020-008960 // CNNVD: CNNVD-202007-1694 // NVD: CVE-2020-3376

SOURCES

db: VULHUB, id: VHN-181501
db: VULMON, id: CVE-2020-3376
db: JVNDB, id: JVNDB-2020-008960
db: CNNVD, id: CNNVD-202007-1694
db: NVD, id: CVE-2020-3376

LAST UPDATE DATE

2024-08-14T14:03:38.292000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181501, date: 2020-08-05T00:00:00
db: VULMON, id: CVE-2020-3376, date: 2020-08-05T00:00:00
db: JVNDB, id: JVNDB-2020-008960, date: 2020-10-08T00:00:00
db: CNNVD, id: CNNVD-202007-1694, date: 2020-08-18T00:00:00
db: NVD, id: CVE-2020-3376, date: 2023-11-07T03:22:39.027

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181501, date: 2020-07-31T00:00:00
db: VULMON, id: CVE-2020-3376, date: 2020-07-31T00:00:00
db: JVNDB, id: JVNDB-2020-008960, date: 2020-10-08T00:00:00
db: CNNVD, id: CNNVD-202007-1694, date: 2020-07-29T00:00:00
db: NVD, id: CVE-2020-3376, date: 2020-07-31T00:15:12.913