Sign-up

ID

VAR-202007-1052


CVE

CVE-2020-3386


TITLE

Cisco Data Center Network Manager Unauthorized authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-008956

DESCRIPTION

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. The vulnerability is due to insufficient authorization of certain API functions. An attacker could exploit this vulnerability by sending a crafted request to the API using low-privileged credentials. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges. Cisco Data Center Network Manager (DCNM) Exists in a fraudulent authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Trust: 1.71

sources: NVD: CVE-2020-3386 // JVNDB: JVNDB-2020-008956 // VULHUB: VHN-181511

AFFECTED PRODUCTS

vendor:ciscomodel:data center network managerscope:ltversion:11.4\(1\)

Trust: 1.0

vendor:ciscomodel:data center network managerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008956 // NVD: CVE-2020-3386

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3386
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3386
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008956
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202007-1695
value: HIGH

Trust: 0.6

VULHUB: VHN-181511
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3386
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008956
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181511
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3386
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3386
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-008956
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181511 // JVNDB: JVNDB-2020-008956 // CNNVD: CNNVD-202007-1695 // NVD: CVE-2020-3386 // NVD: CVE-2020-3386

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.9

problemtype:CWE-285

Trust: 1.0

sources: VULHUB: VHN-181511 // JVNDB: JVNDB-2020-008956 // NVD: CVE-2020-3386

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1695

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202007-1695

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-008956

PATCH
title:cisco-sa-dcnm-improper-auth-7Krd9TDTurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-improper-auth-7Krd9TDT
Trust: 0.8
title:Cisco Data Center Network Manager Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125205
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-008956 // 
            
            
            
            CNNVD: CNNVD-202007-1695

EXTERNAL IDS
db:NVDid:CVE-2020-3386
Trust: 2.5
db:JVNDBid:JVNDB-2020-008956
Trust: 0.8
db:CNNVDid:CNNVD-202007-1695
Trust: 0.7
db:NSFOCUSid:47817
Trust: 0.6
db:AUSCERTid:ESB-2020.2600
Trust: 0.6
db:CNVDid:CNVD-2020-44066
Trust: 0.1
db:VULHUBid:VHN-181511
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181511 // 
            
            
            
            JVNDB: JVNDB-2020-008956 // 
            
            
            
            CNNVD: CNNVD-202007-1695 // 
            
            
            
            NVD: CVE-2020-3386

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-improper-auth-7krd9tdt
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2020-3386
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3386
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2600/
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-privilege-escalation-via-rest-api-32965
Trust: 0.6
url:http://www.nsfocus.net/vulndb/47817
Trust: 0.6
url:https://media.cert.europa.eu/static/securityadvisories/2020/cert-eu-sa2020-039.pdf
Trust: 0.6
sources:
            
            
            VULHUB: VHN-181511 // 
            
            
            
            JVNDB: JVNDB-2020-008956 // 
            
            
            
            CNNVD: CNNVD-202007-1695 // 
            
            
            
            NVD: CVE-2020-3386

SOURCES
db:VULHUBid:VHN-181511
db:JVNDBid:JVNDB-2020-008956
db:CNNVDid:CNNVD-202007-1695
db:NVDid:CVE-2020-3386

LAST UPDATE DATE
2024-08-14T14:03:38.188000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181511date:2020-08-05T00:00:00
db:JVNDBid:JVNDB-2020-008956date:2020-10-08T00:00:00
db:CNNVDid:CNNVD-202007-1695date:2020-08-18T00:00:00
db:NVDid:CVE-2020-3386date:2020-08-05T19:45:32.467

SOURCES RELEASE DATE
db:VULHUBid:VHN-181511date:2020-07-31T00:00:00
db:JVNDBid:JVNDB-2020-008956date:2020-10-08T00:00:00
db:CNNVDid:CNNVD-202007-1695date:2020-07-29T00:00:00
db:NVDid:CVE-2020-3386date:2020-07-31T00:15:13.383