Details of VAR-202008-0828

ID

VAR-202008-0828

CVE

CVE-2020-3520

TITLE

Cisco Data Center Network Manager Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2020-010213

DESCRIPTION

A vulnerability in Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, local attacker to obtain confidential information from an affected device. The vulnerability is due to insufficient protection of confidential information on an affected device. An attacker at any privilege level could exploit this vulnerability by accessing local filesystems and extracting sensitive information from them. A successful exploit could allow the attacker to view sensitive data, which they could use to elevate their privilege. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Trust: 1.71

sources: NVD: CVE-2020-3520 // JVNDB: JVNDB-2020-010213 // VULHUB: VHN-181645

AFFECTED PRODUCTS

vendor:	cisco	model:	data center network manager	scope:	lt	version:	11.4\(1\)	Trust: 1.0
vendor:	cisco	model:	data center network manager	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-010213 // NVD: CVE-2020-3520

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3520
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3520
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-010213
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202008-964
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-181645
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-3520
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-010213
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-181645
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3520
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	JVNDB-2020-010213
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-181645 // JVNDB: JVNDB-2020-010213 // CNNVD: CNNVD-202008-964 // NVD: CVE-2020-3520 // NVD: CVE-2020-3520

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-181645 // JVNDB: JVNDB-2020-010213 // NVD: CVE-2020-3520

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202008-964

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202008-964

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-010213

PATCH

title:	cisco-sa-dcnm-infordisc-DOAXVvFV	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-infordisc-DOAXVvFV	Trust: 0.8
title:	Cisco Data Center Network Manager Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126760	Trust: 0.6

sources: JVNDB: JVNDB-2020-010213 // CNNVD: CNNVD-202008-964

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3520	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-010213	Trust: 0.8
db:	CNNVD	id:	CNNVD-202008-964	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2855	Trust: 0.6
db:	NSFOCUS	id:	48723	Trust: 0.6
db:	CNVD	id:	CNVD-2020-48219	Trust: 0.1
db:	VULHUB	id:	VHN-181645	Trust: 0.1

sources: VULHUB: VHN-181645 // JVNDB: JVNDB-2020-010213 // CNNVD: CNNVD-202008-964 // NVD: CVE-2020-3520

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-infordisc-doaxvvfv	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3520	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3520	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/48723	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2855/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-data-center-network-manager-information-disclosure-33113	Trust: 0.6

sources: VULHUB: VHN-181645 // JVNDB: JVNDB-2020-010213 // CNNVD: CNNVD-202008-964 // NVD: CVE-2020-3520

SOURCES

db:	VULHUB	id:	VHN-181645
db:	JVNDB	id:	JVNDB-2020-010213
db:	CNNVD	id:	CNNVD-202008-964
db:	NVD	id:	CVE-2020-3520

LAST UPDATE DATE

2024-11-23T21:59:03.016000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-181645	date:	2020-08-28T00:00:00
db:	JVNDB	id:	JVNDB-2020-010213	date:	2020-12-28T06:45:37
db:	CNNVD	id:	CNNVD-202008-964	date:	2020-09-14T00:00:00
db:	NVD	id:	CVE-2020-3520	date:	2024-11-21T05:31:14.530

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-181645	date:	2020-08-26T00:00:00
db:	JVNDB	id:	JVNDB-2020-010213	date:	2020-12-28T06:45:37
db:	CNNVD	id:	CNNVD-202008-964	date:	2020-08-19T00:00:00
db:	NVD	id:	CVE-2020-3520	date:	2020-08-26T17:15:14.740