ID

VAR-202007-1059


CVE

CVE-2020-3461


TITLE

Cisco Data Center Network Manager Vulnerability regarding lack of authentication for critical features in

Trust: 0.8

sources: JVNDB: JVNDB-2020-008958

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. The vulnerability is due to missing authentication on a specific part of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the interface. A successful exploit could allow the attacker to read confidential information from an affected device. DCNM is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions.

Trust: 1.71

sources: NVD: CVE-2020-3461 // JVNDB: JVNDB-2020-008958 // VULHUB: VHN-181586

AFFECTED PRODUCTS

vendor: cisco, model: data center network manager, scope: lt, version: 11.4(1)

Trust: 1.0

vendor: cisco, model: data center network manager, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008958 // NVD: CVE-2020-3461

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3461
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3461
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-008958
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202007-1689
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181586
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3461
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008958
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181586
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3461
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3461
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-008958
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181586 // JVNDB: JVNDB-2020-008958 // CNNVD: CNNVD-202007-1689 // NVD: CVE-2020-3461 // NVD: CVE-2020-3461

PROBLEMTYPE DATA

problemtype: CWE-306

Trust: 1.9

sources: VULHUB: VHN-181586 // JVNDB: JVNDB-2020-008958 // NVD: CVE-2020-3461

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1689

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1689

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008958

PATCH

title: cisco-sa-dcnm-info-disclosure-tFX3KerC
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-info-disclosure-tFX3KerC

Trust: 0.8

title: Cisco Data Center Network Manager Fixes for access control error vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125722

Trust: 0.6

sources: JVNDB: JVNDB-2020-008958 // CNNVD: CNNVD-202007-1689

EXTERNAL IDS

db: NVD, id: CVE-2020-3461

Trust: 2.5

db: JVNDB, id: JVNDB-2020-008958

Trust: 0.8

db: CNNVD, id: CNNVD-202007-1689

Trust: 0.7

db: NSFOCUS, id: 47815

Trust: 0.6

db: AUSCERT, id: ESB-2020.2600

Trust: 0.6

db: CNVD, id: CNVD-2020-44070

Trust: 0.1

db: VULHUB, id: VHN-181586

Trust: 0.1

sources: VULHUB: VHN-181586 // JVNDB: JVNDB-2020-008958 // CNNVD: CNNVD-202007-1689 // NVD: CVE-2020-3461

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-info-disclosure-tfx3kerc

Trust: 2.3

url: https://nvd.nist.gov/vuln/detail/cve-2020-3461

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3461

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2020.2600/

Trust: 0.6

url: http://www.nsfocus.net/vulndb/47815

Trust: 0.6

url: https://vigilance.fr/vulnerability/cisco-data-center-network-manager-information-disclosure-via-web-based-management-interface-32966

Trust: 0.6

url: https://media.cert.europa.eu/static/securityadvisories/2020/cert-eu-sa2020-039.pdf

Trust: 0.6

sources: VULHUB: VHN-181586 // JVNDB: JVNDB-2020-008958 // CNNVD: CNNVD-202007-1689 // NVD: CVE-2020-3461

SOURCES

db: VULHUB, id: VHN-181586
db: JVNDB, id: JVNDB-2020-008958
db: CNNVD, id: CNNVD-202007-1689
db: NVD, id: CVE-2020-3461

LAST UPDATE DATE

2024-08-14T14:03:38.321000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181586, date: 2020-08-05T00:00:00
db: JVNDB, id: JVNDB-2020-008958, date: 2020-10-08T00:00:00
db: CNNVD, id: CNNVD-202007-1689, date: 2020-08-18T00:00:00
db: NVD, id: CVE-2020-3461, date: 2020-08-05T13:45:50.097

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181586, date: 2020-07-31T00:00:00
db: JVNDB, id: JVNDB-2020-008958, date: 2020-10-08T00:00:00
db: CNNVD, id: CNNVD-202007-1689, date: 2020-07-29T00:00:00
db: NVD, id: CVE-2020-3461, date: 2020-07-31T00:15:13.523