ID

VAR-202008-0809


CVE

CVE-2020-3522


TITLE

Cisco Data Center Network Manager Unauthorized authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-008490

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to bypass authorization on an affected device and access sensitive information that is related to the device. The vulnerability exists because the affected software allows users to access resources that are intended for administrators only. An attacker could exploit this vulnerability by submitting a crafted URL to an affected device. A successful exploit could allow the attacker to add, delete, and edit certain network configurations in the same manner as a user with administrative privileges. The device may also be put into a denial-of-service (DoS) state. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions.

Trust: 1.71

sources: NVD: CVE-2020-3522 // JVNDB: JVNDB-2020-008490 // VULHUB: VHN-181647

AFFECTED PRODUCTS

vendor: cisco, model: data center network manager, scope: lt, version: 11.4(1)

Trust: 1.0

vendor: cisco, model: data center network manager, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008490 // NVD: CVE-2020-3522

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3522
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3522
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-008490
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202008-969
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181647
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3522
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008490
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181647
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3522
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-008490
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181647 // JVNDB: JVNDB-2020-008490 // CNNVD: CNNVD-202008-969 // NVD: CVE-2020-3522 // NVD: CVE-2020-3522

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.9

problemtype:CWE-284

Trust: 1.0

sources: VULHUB: VHN-181647 // JVNDB: JVNDB-2020-008490 // NVD: CVE-2020-3522

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-969

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202008-969

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008490

PATCH

title: cisco-sa-dcnm-auth-bypass-MYeFpFcF, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-auth-bypass-MYeFpFcF

Trust: 0.8

title: Cisco Data Center Network Manager Web Repair measures for management interface access control errors, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126765

Trust: 0.6

sources: JVNDB: JVNDB-2020-008490 // CNNVD: CNNVD-202008-969

EXTERNAL IDS

db: NVD, id: CVE-2020-3522

Trust: 2.5

db: JVNDB, id: JVNDB-2020-008490

Trust: 0.8

db: CNNVD, id: CNNVD-202008-969

Trust: 0.7

db: AUSCERT, id: ESB-2020.2855

Trust: 0.6

db: NSFOCUS, id: 48729

Trust: 0.6

db: CNVD, id: CNVD-2020-50151

Trust: 0.1

db: VULHUB, id: VHN-181647

Trust: 0.1

sources: VULHUB: VHN-181647 // JVNDB: JVNDB-2020-008490 // CNNVD: CNNVD-202008-969 // NVD: CVE-2020-3522

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-auth-bypass-myefpfcf

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-3522

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3522

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-information-disclosure-33183

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2855/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/48729

Trust: 0.6

sources: VULHUB: VHN-181647 // JVNDB: JVNDB-2020-008490 // CNNVD: CNNVD-202008-969 // NVD: CVE-2020-3522

SOURCES

db: VULHUB, id: VHN-181647
db: JVNDB, id: JVNDB-2020-008490
db: CNNVD, id: CNNVD-202008-969
db: NVD, id: CVE-2020-3522

LAST UPDATE DATE

2024-08-14T13:24:15.169000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181647, date: 2020-08-31T00:00:00
db: JVNDB, id: JVNDB-2020-008490, date: 2020-09-14T00:00:00
db: CNNVD, id: CNNVD-202008-969, date: 2020-09-14T00:00:00
db: NVD, id: CVE-2020-3522, date: 2023-11-07T03:22:51.370

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181647, date: 2020-08-26T00:00:00
db: JVNDB, id: JVNDB-2020-008490, date: 2020-09-14T00:00:00
db: CNNVD, id: CNNVD-202008-969, date: 2020-08-19T00:00:00
db: NVD, id: CVE-2020-3522, date: 2020-08-26T17:15:14.927