Sign-up

ID

VAR-202008-0809


CVE

CVE-2020-3522


TITLE

Cisco Data Center Network Manager Unauthorized authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-008490

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to bypass authorization on an affected device and access sensitive information that is related to the device. The vulnerability exists because the affected software allows users to access resources that are intended for administrators only. An attacker could exploit this vulnerability by submitting a crafted URL to an affected device. A successful exploit could allow the attacker to add, delete, and edit certain network configurations in the same manner as a user with administrative privileges. (DoS) It may be put into a state. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Trust: 1.71

sources: NVD: CVE-2020-3522 // JVNDB: JVNDB-2020-008490 // VULHUB: VHN-181647

AFFECTED PRODUCTS

vendor:ciscomodel:data center network managerscope:ltversion:11.4\(1\)

Trust: 1.0

vendor:ciscomodel:data center network managerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008490 // NVD: CVE-2020-3522

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3522
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3522
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-008490
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202008-969
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181647
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3522
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008490
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181647
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3522
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-008490
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181647 // JVNDB: JVNDB-2020-008490 // CNNVD: CNNVD-202008-969 // NVD: CVE-2020-3522 // NVD: CVE-2020-3522

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.9

problemtype:CWE-284

Trust: 1.0

sources: VULHUB: VHN-181647 // JVNDB: JVNDB-2020-008490 // NVD: CVE-2020-3522

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-969

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202008-969

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-008490

PATCH
title:cisco-sa-dcnm-auth-bypass-MYeFpFcFurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-auth-bypass-MYeFpFcF
Trust: 0.8
title:Cisco Data Center Network Manager Web Repair measures for management interface access control errorsurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126765
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-008490 // 
            
            
            
            CNNVD: CNNVD-202008-969

EXTERNAL IDS
db:NVDid:CVE-2020-3522
Trust: 2.5
db:JVNDBid:JVNDB-2020-008490
Trust: 0.8
db:CNNVDid:CNNVD-202008-969
Trust: 0.7
db:AUSCERTid:ESB-2020.2855
Trust: 0.6
db:NSFOCUSid:48729
Trust: 0.6
db:CNVDid:CNVD-2020-50151
Trust: 0.1
db:VULHUBid:VHN-181647
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181647 // 
            
            
            
            JVNDB: JVNDB-2020-008490 // 
            
            
            
            CNNVD: CNNVD-202008-969 // 
            
            
            
            NVD: CVE-2020-3522

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-auth-bypass-myefpfcf
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2020-3522
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3522
Trust: 0.8
url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-information-disclosure-33183
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2855/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/48729
Trust: 0.6
sources:
            
            
            VULHUB: VHN-181647 // 
            
            
            
            JVNDB: JVNDB-2020-008490 // 
            
            
            
            CNNVD: CNNVD-202008-969 // 
            
            
            
            NVD: CVE-2020-3522

SOURCES
db:VULHUBid:VHN-181647
db:JVNDBid:JVNDB-2020-008490
db:CNNVDid:CNNVD-202008-969
db:NVDid:CVE-2020-3522

LAST UPDATE DATE
2024-08-14T13:24:15.169000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181647date:2020-08-31T00:00:00
db:JVNDBid:JVNDB-2020-008490date:2020-09-14T00:00:00
db:CNNVDid:CNNVD-202008-969date:2020-09-14T00:00:00
db:NVDid:CVE-2020-3522date:2023-11-07T03:22:51.370

SOURCES RELEASE DATE
db:VULHUBid:VHN-181647date:2020-08-26T00:00:00
db:JVNDBid:JVNDB-2020-008490date:2020-09-14T00:00:00
db:CNNVDid:CNNVD-202008-969date:2020-08-19T00:00:00
db:NVDid:CVE-2020-3522date:2020-08-26T17:15:14.927