Vulnerability identifier: #VU45788
Vulnerability risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-285
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Cisco Data Center Network Manager
Server applications /
Remote management servers, RDP, SSH
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote user to gain access to otherwise restricted functionality.
The vulnerability exists due to insufficient authorization checks in the web-based management interface of Cisco Data Center Network Manager (DCNM). A remote authenticated user can gain access to administrative functionality and view, modify, and delete data without proper authorization.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Cisco Data Center Network Manager: 11.3.0.564 - 11.4.0.379
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-bypass-auth-mVDR6ygT
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.