Missing Authentication for Critical Function in Cisco Data Center Network Manager - CVE-2020-3376

 

Missing Authentication for Critical Function in Cisco Data Center Network Manager - CVE-2020-3376

Published: July 30, 2020


Vulnerability identifier: #VU32918
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-3376
CWE-ID: CWE-306
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Data Center Network Manager

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to a failure in the software to perform proper authentication. A remote attacker can brows to one of the hosted URLs in Cisco DCNM, interact with and use certain functions within the Cisco DCNM, leading to authentication bypass and execution of arbitrary actions.


How to mitigate CVE-2020-3376

Install updates from vendor's website.

Sources