CVE-2020-3382 is a vulnerability in Cisco Data Center Network Manager
Published on July 31, 2020
Cisco Data Center Network Manager Authentication Bypass Vulnerability
A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges.
Weakness Type
Use of Hard-coded Credentials
The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
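The weakness described above, as an added example that is not Cisco's code or part of the original page: two hypothetical installations verify signed session tokens, first with one key shipped in every install and then with a key generated per install. The `Installation` class, the token layout and the use of HMAC-SHA256 (the advisory speaks only of a static encryption key) are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

# Constructed placeholder, not a real product key: stands in for a key
# that is compiled into every copy of the software.
SHARED_STATIC_KEY = b"constructed-demo-key-same-in-every-install"

class Installation:
    """Hypothetical token issuer/verifier; the token layout is an assumption."""
    def __init__(self, name, key=None):
        self.name = name
        # Hardened default: a fresh random key generated for this installation.
        self.key = key if key is not None else secrets.token_bytes(32)

    def issue(self, user, role, ttl=300, now=None):
        expires = int((now if now is not None else time.time()) + ttl)
        payload = f"{user}|{role}|{expires}".encode()
        tag = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        return payload.decode() + "|" + tag

    def verify(self, token, now=None):
        """Return (user, role) if the token is authentic and unexpired, else None."""
        try:
            user, role, expires, tag = token.split("|")
            expires = int(expires)
        except ValueError:
            return None  # wrong field count or non-numeric expiry
        payload = f"{user}|{role}|{expires}".encode()
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return None  # signed with a different key, or tampered
        if (now if now is not None else time.time()) >= expires:
            return None
        return user, role

def accepts_foreign_token(issuer, verifier):
    """Key-isolation check: does `verifier` honour a token minted by `issuer`?"""
    return verifier.verify(issuer.issue("admin", "network-admin")) is not None

def shared_key_pair():
    return Installation("lab", SHARED_STATIC_KEY), Installation("prod", SHARED_STATIC_KEY)

def unique_key_pair():
    return Installation("lab"), Installation("prod")

if __name__ == "__main__":
    print("static key, foreign token accepted:", accepts_foreign_token(*shared_key_pair()))
    print("per-install key, foreign token accepted:", accepts_foreign_token(*unique_key_pair()))
```

The `accepts_foreign_token` check can serve as a regression test in a build pipeline: it must return `False` for any two freshly provisioned installations.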
Products Associated with CVE-2020-3382
Affected Versions
Cisco Data Center Network Manager Version n/a is affected by CVE-2020-3382
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.