CVE-2020-3539: Cisco DCNM Web Auth Bypass Enables Admin Priv Escalation
CVE-2020-3539 Published on November 18, 2024
Cisco Data Center Network Manager Authorization Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization.
The vulnerability is due to a failure to limit access to resources that are intended for users with Administrator privileges. An attacker could exploit this vulnerability by convincing a user to click a malicious URL. A successful exploit could allow a low-privileged attacker to list, view, create, edit, and delete templates in the same manner as a user with Administrator privileges.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Vulnerability Analysis
CVE-2020-3539 can be exploited with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low, with a small impact on confidentiality, integrity, and availability.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CVE-2020-3539 has been classified as an AuthZ vulnerability or weakness.
Products Associated with CVE-2020-3539
Affected Versions
Cisco Data Center Network Manager Version N/A is affected by CVE-2020-3539.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.