Sign-up

ID

VAR-202007-1059


CVE

CVE-2020-3461


TITLE

Cisco Data Center Network Manager Vulnerability regarding lack of authentication for critical features in

Trust: 0.8

sources: JVNDB: JVNDB-2020-008958

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. The vulnerability is due to missing authentication on a specific part of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the interface. A successful exploit could allow the attacker to read confidential information from an affected device. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Trust: 1.71

sources: NVD: CVE-2020-3461 // JVNDB: JVNDB-2020-008958 // VULHUB: VHN-181586

AFFECTED PRODUCTS

vendor:ciscomodel:data center network managerscope:ltversion:11.4\(1\)

Trust: 1.0

vendor:ciscomodel:data center network managerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008958 // NVD: CVE-2020-3461

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3461
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3461
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-008958
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202007-1689
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181586
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3461
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008958
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181586
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3461
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3461
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-008958
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181586 // JVNDB: JVNDB-2020-008958 // CNNVD: CNNVD-202007-1689 // NVD: CVE-2020-3461 // NVD: CVE-2020-3461

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.9

sources: VULHUB: VHN-181586 // JVNDB: JVNDB-2020-008958 // NVD: CVE-2020-3461

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1689

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1689

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-008958

PATCH
title:cisco-sa-dcnm-info-disclosure-tFX3KerCurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-info-disclosure-tFX3KerC
Trust: 0.8
title:Cisco Data Center Network Manager Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125722
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-008958 // 
            
            
            
            CNNVD: CNNVD-202007-1689

EXTERNAL IDS
db:NVDid:CVE-2020-3461
Trust: 2.5
db:JVNDBid:JVNDB-2020-008958
Trust: 0.8
db:CNNVDid:CNNVD-202007-1689
Trust: 0.7
db:NSFOCUSid:47815
Trust: 0.6
db:AUSCERTid:ESB-2020.2600
Trust: 0.6
db:CNVDid:CNVD-2020-44070
Trust: 0.1
db:VULHUBid:VHN-181586
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181586 // 
            
            
            
            JVNDB: JVNDB-2020-008958 // 
            
            
            
            CNNVD: CNNVD-202007-1689 // 
            
            
            
            NVD: CVE-2020-3461

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-info-disclosure-tfx3kerc
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2020-3461
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3461
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2600/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/47815
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-information-disclosure-via-web-based-management-interface-32966
Trust: 0.6
url:https://media.cert.europa.eu/static/securityadvisories/2020/cert-eu-sa2020-039.pdf
Trust: 0.6
sources:
            
            
            VULHUB: VHN-181586 // 
            
            
            
            JVNDB: JVNDB-2020-008958 // 
            
            
            
            CNNVD: CNNVD-202007-1689 // 
            
            
            
            NVD: CVE-2020-3461

SOURCES
db:VULHUBid:VHN-181586
db:JVNDBid:JVNDB-2020-008958
db:CNNVDid:CNNVD-202007-1689
db:NVDid:CVE-2020-3461

LAST UPDATE DATE
2024-08-14T14:03:38.321000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181586date:2020-08-05T00:00:00
db:JVNDBid:JVNDB-2020-008958date:2020-10-08T00:00:00
db:CNNVDid:CNNVD-202007-1689date:2020-08-18T00:00:00
db:NVDid:CVE-2020-3461date:2020-08-05T13:45:50.097

SOURCES RELEASE DATE
db:VULHUBid:VHN-181586date:2020-07-31T00:00:00
db:JVNDBid:JVNDB-2020-008958date:2020-10-08T00:00:00
db:CNNVDid:CNNVD-202007-1689date:2020-07-29T00:00:00
db:NVDid:CVE-2020-3461date:2020-07-31T00:15:13.523