Details of VAR-202007-1042

ID

VAR-202007-1042

CVE

CVE-2020-3376

TITLE

Cisco Data Center Network Manager Vulnerability regarding lack of authentication for critical features in

Trust: 0.8

sources: JVNDB: JVNDB-2020-008960

DESCRIPTION

A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device. The vulnerability is due to a failure in the software to perform proper authentication. An attacker could exploit this vulnerability by browsing to one of the hosted URLs in Cisco DCNM. A successful exploit could allow the attacker to interact with and use certain functions within the Cisco DCNM. (DoS) It may be put into a state. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions. The following products and versions are affected: Cisco DCNM Release 11.0(1), Release 11.1(1), Release 11.2(1), Release 11.3(1)

Trust: 1.8

sources: NVD: CVE-2020-3376 // JVNDB: JVNDB-2020-008960 // VULHUB: VHN-181501 // VULMON: CVE-2020-3376

AFFECTED PRODUCTS

vendor:	cisco	model:	data center network manager	scope:	eq	version:	11.2\(1\)	Trust: 1.0
vendor:	cisco	model:	data center network manager	scope:	eq	version:	11.0\(1\)	Trust: 1.0
vendor:	cisco	model:	data center network manager	scope:	eq	version:	11.3\(1\)	Trust: 1.0
vendor:	cisco	model:	data center network manager	scope:	eq	version:	11.1\(1\)	Trust: 1.0
vendor:	cisco	model:	data center network manager	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-008960 // NVD: CVE-2020-3376

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3376
value:	CRITICAL
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3376
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-008960
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202007-1694
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-181501
value:	HIGH
Trust: 0.1
VULMON:	CVE-2020-3376
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-3376
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-008960
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-181501
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3376
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3376
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	3.4
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-008960
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-181501 // VULMON: CVE-2020-3376 // JVNDB: JVNDB-2020-008960 // CNNVD: CNNVD-202007-1694 // NVD: CVE-2020-3376 // NVD: CVE-2020-3376

PROBLEMTYPE DATA

problemtype:

CWE-306

Trust: 1.9

sources: VULHUB: VHN-181501 // JVNDB: JVNDB-2020-008960 // NVD: CVE-2020-3376

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1694

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1694

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008960

PATCH

title:	cisco-sa-dcnm-auth-bypass-JkubGpu3	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-auth-bypass-JkubGpu3	Trust: 0.8
title:	Cisco Data Center Network Manager Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125723	Trust: 0.6
title:	Cisco: Cisco Data Center Network Manager Authentication Bypass Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dcnm-auth-bypass-JkubGpu3	Trust: 0.1

sources: VULMON: CVE-2020-3376 // JVNDB: JVNDB-2020-008960 // CNNVD: CNNVD-202007-1694

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3376	Trust: 2.6
db:	JVNDB	id:	JVNDB-2020-008960	Trust: 0.8
db:	CNNVD	id:	CNNVD-202007-1694	Trust: 0.7
db:	NSFOCUS	id:	47818	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2600	Trust: 0.6
db:	CNVD	id:	CNVD-2020-44067	Trust: 0.1
db:	VULHUB	id:	VHN-181501	Trust: 0.1
db:	VULMON	id:	CVE-2020-3376	Trust: 0.1

sources: VULHUB: VHN-181501 // VULMON: CVE-2020-3376 // JVNDB: JVNDB-2020-008960 // CNNVD: CNNVD-202007-1694 // NVD: CVE-2020-3376

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-auth-bypass-jkubgpu3	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3376	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3376	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.2600/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-data-center-network-manager-privilege-escalation-via-device-manager-32963	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/47818	Trust: 0.6
url:	https://media.cert.europa.eu/static/securityadvisories/2020/cert-eu-sa2020-039.pdf	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/306.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-181501 // VULMON: CVE-2020-3376 // JVNDB: JVNDB-2020-008960 // CNNVD: CNNVD-202007-1694 // NVD: CVE-2020-3376

SOURCES

db:	VULHUB	id:	VHN-181501
db:	VULMON	id:	CVE-2020-3376
db:	JVNDB	id:	JVNDB-2020-008960
db:	CNNVD	id:	CNNVD-202007-1694
db:	NVD	id:	CVE-2020-3376

LAST UPDATE DATE

2024-08-14T14:03:38.292000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-181501	date:	2020-08-05T00:00:00
db:	VULMON	id:	CVE-2020-3376	date:	2020-08-05T00:00:00
db:	JVNDB	id:	JVNDB-2020-008960	date:	2020-10-08T00:00:00
db:	CNNVD	id:	CNNVD-202007-1694	date:	2020-08-18T00:00:00
db:	NVD	id:	CVE-2020-3376	date:	2023-11-07T03:22:39.027

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-181501	date:	2020-07-31T00:00:00
db:	VULMON	id:	CVE-2020-3376	date:	2020-07-31T00:00:00
db:	JVNDB	id:	JVNDB-2020-008960	date:	2020-10-08T00:00:00
db:	CNNVD	id:	CNNVD-202007-1694	date:	2020-07-29T00:00:00
db:	NVD	id:	CVE-2020-3376	date:	2020-07-31T00:15:12.913