Sign-up

ID

VAR-202008-0797


CVE

CVE-2020-3411


TITLE

Cisco DNA Center Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009583

DESCRIPTION

A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files. The solution scales and protects devices, applications, and more within the network

Trust: 1.71

sources: NVD: CVE-2020-3411 // JVNDB: JVNDB-2020-009583 // VULHUB: VHN-181536

AFFECTED PRODUCTS

vendor:ciscomodel:dna centerscope:gteversion:1.3

Trust: 1.0

vendor:ciscomodel:dna centerscope:ltversion:1.3.1.4

Trust: 1.0

vendor:ciscomodel:dna centerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-009583 // NVD: CVE-2020-3411

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3411
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3411
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-009583
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202008-176
value: HIGH

Trust: 0.6

VULHUB: VHN-181536
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3411
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009583
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181536
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3411
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3411
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-009583
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181536 // JVNDB: JVNDB-2020-009583 // CNNVD: CNNVD-202008-176 // NVD: CVE-2020-3411 // NVD: CVE-2020-3411

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-287

Trust: 1.1

sources: VULHUB: VHN-181536 // JVNDB: JVNDB-2020-009583 // NVD: CVE-2020-3411

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-176

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202008-176

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-009583

PATCH
title:cisco-sa-dna-info-disc-3bz8BCgRurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dna-info-disc-3bz8BCgR
Trust: 0.8
title:Cisco Digital Network Architecture Center Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125515
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-009583 // 
            
            
            
            CNNVD: CNNVD-202008-176

EXTERNAL IDS
db:NVDid:CVE-2020-3411
Trust: 2.5
db:JVNDBid:JVNDB-2020-009583
Trust: 0.8
db:CNNVDid:CNNVD-202008-176
Trust: 0.7
db:NSFOCUSid:48349
Trust: 0.6
db:AUSCERTid:ESB-2020.2700
Trust: 0.6
db:CNVDid:CNVD-2020-47592
Trust: 0.1
db:VULHUBid:VHN-181536
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181536 // 
            
            
            
            JVNDB: JVNDB-2020-009583 // 
            
            
            
            CNNVD: CNNVD-202008-176 // 
            
            
            
            NVD: CVE-2020-3411

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dna-info-disc-3bz8bcgr
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-3411
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3411
Trust: 0.8
url:http://www.nsfocus.net/vulndb/48349
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2700/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-181536 // 
            
            
            
            JVNDB: JVNDB-2020-009583 // 
            
            
            
            CNNVD: CNNVD-202008-176 // 
            
            
            
            NVD: CVE-2020-3411

SOURCES
db:VULHUBid:VHN-181536
db:JVNDBid:JVNDB-2020-009583
db:CNNVDid:CNNVD-202008-176
db:NVDid:CVE-2020-3411

LAST UPDATE DATE
2024-08-14T13:43:57.795000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181536date:2021-08-06T00:00:00
db:JVNDBid:JVNDB-2020-009583date:2020-11-18T08:21:24
db:CNNVDid:CNNVD-202008-176date:2021-08-09T00:00:00
db:NVDid:CVE-2020-3411date:2021-08-06T18:57:20.933

SOURCES RELEASE DATE
db:VULHUBid:VHN-181536date:2020-08-17T00:00:00
db:JVNDBid:JVNDB-2020-009583date:2020-11-18T08:21:24
db:CNNVDid:CNNVD-202008-176date:2020-08-05T00:00:00
db:NVDid:CVE-2020-3411date:2020-08-17T18:15:12.680