CVE-2020-3522 Information

Description

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated remote attacker to bypass authorization on an affected device and access sensitive information that is related to the device. The vulnerability exists because the affected software allows users to access resources that are intended for administrators only. An attacker could exploit this vulnerability by submitting a crafted URL to an affected device. A successful exploit could allow the attacker to add delete and edit certain network configurations in the same manner as a user with administrative privileges.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-auth-bypass-MYeFpFcF

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

LOW

Base Severity

6.3