CVE-2020-3112
Cisco Data Center Network Manager Privilege Escalation Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by authenticating with a low-privilege account and sending a crafted request to the API. A successful exploit could allow the attacker to interact with the API with administrative privileges.
Una vulnerabilidad en el endpoint de la API REST de Cisco Data Center Network Manager (DCNM), podría permitir a un atacante remoto autenticado elevar los privilegios sobre la aplicación. La vulnerabilidad es debido a una comprobación de control de acceso insuficiente. Un atacante podría explotar esta vulnerabilidad al autenticarse con una cuenta con pocos privilegios y mediante el envío de una petición diseñada para la API. Una explotación con éxito podría permitir al atacante interactuar con la API con privilegios administrativos.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2019-12-12 CVE Reserved
- 2020-02-19 CVE Published
- 2023-12-09 EPSS Updated
- 2024-11-15 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
- CWE-269: Improper Privilege Management
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Data Center Network Manager Search vendor "Cisco" for product "Data Center Network Manager" | < 11.3\(1\) Search vendor "Cisco" for product "Data Center Network Manager" and version " < 11.3\(1\)" | - |
Affected
|