#VU32918 Missing Authentication for Critical Function in Cisco Data Center Network Manager - CVE-2020-3376
Published: July 30, 2020
Vulnerability identifier: #VU32918
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-3376
CWE-ID: CWE-306
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco Data Center Network Manager
Cisco Data Center Network Manager
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to a failure in the software to perform proper authentication. A remote attacker can brows to one of the hosted URLs in Cisco DCNM, interact with and use certain functions within the Cisco DCNM, leading to authentication bypass and execution of arbitrary actions.
Remediation
Install updates from vendor's website.