CVE-2020-3376
Last modified
CVE-2020-3376 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device. The vulnerability is due to a failure in the software to perform proper authentication. EPSS estimates a 1.15% chance of exploitation in the next 30 days.
Description
A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device. The vulnerability is due to a failure in the software to perform proper authentication. An attacker could exploit this vulnerability by browsing to one of the hosted URLs in Cisco DCNM. A successful exploit could allow the attacker to interact with and use certain functions within the Cisco DCNM.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Data Center Network Manager | 11.0\(1\) |
| Cisco | Data Center Network Manager | 11.1\(1\) |
| Cisco | Data Center Network Manager | 11.2\(1\) |
| Cisco | Data Center Network Manager | 11.3\(1\) |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-3376?
How severe is CVE-2020-3376?
How do I fix CVE-2020-3376?
Are you affected by CVE-2020-3376?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST