Skip to main content

Data Center Network Manager CVE-2020-3461

MEDIUM
Missing Authentication for Critical Function (CWE-306)
2020-07-31 psirt@cisco.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 31, 2020 - 00:15 nvd
MEDIUM 5.3

DescriptionNVD

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. The vulnerability is due to missing authentication on a specific part of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the interface. A successful exploit could allow the attacker to read confidential information from an affected device.

AnalysisAI

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to obtain confidential information from an affected. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. The vulnerability is due to missing authentication on a specific part of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the interface. A successful exploit could allow the attacker to read confidential information from an affected device. Affected products include: Cisco Data Center Network Manager.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Require authentication for all sensitive operations, implement defense in depth.

CVE-2019-1620 CRITICAL POC
9.8 Jun 27

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthe

CVE-2019-1619 CRITICAL POC
9.8 Jun 27

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthe

CVE-2019-1622 MEDIUM POC
5.3 Jun 27

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthe

CVE-2019-1621 HIGH POC
7.5 Jun 27

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthe

CVE-2020-3382 CRITICAL
9.8 Jul 31

A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attac

CVE-2020-3376 CRITICAL
9.8 Jul 31

A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthentic

CVE-2017-12343 HIGH
8.8 Nov 30

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject ar

CVE-2021-1247 HIGH
8.8 Jan 20

Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authen

CVE-2021-1272 HIGH
8.8 Jan 20

A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthentic

CVE-2020-3386 HIGH
8.8 Jul 31

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remot

CVE-2020-3383 HIGH
8.8 Jul 31

A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote

CVE-2020-3377 HIGH
8.8 Jul 31

A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticat

Share

CVE-2020-3461 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy