Cisco Data Center Network Manager Authorization Bypass Vulnerability

By GIXnews

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization.

The vulnerability is due to a failure to limit access to resources that are intended for administrators only. An attacker with low-level privileges could exploit this vulnerability by submitting a crafted URL to an affected device. A successful exploit could allow the attacker to list, view, create, edit, and delete templates in the same manner as a user with administrative privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-bypass-auth-mVDR6ygT

Security Impact Rating: Medium

CVE: CVE-2020-3540

Source: Cisco Security Advisories