CVE-2020-3376

HIGH

Cisco Data Center Network Manager - Unauthenticated Authentication Bypass via Hosted URLs

Title source: llm

Description

A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device. The vulnerability is due to a failure in the software to perform proper authentication. An attacker could exploit this vulnerability by browsing to one of the hosted URLs in Cisco DCNM. A successful exploit could allow the attacker to interact with and use certain functions within the Cisco DCNM.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-auth-bypass-JkubGpu3

Scores

CVSS v3 7.3

EPSS 0.0089

EPSS Percentile 75.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-306

Status published

Products (4)

cisco/data_center_network_manager 11.0\(1\)

cisco/data_center_network_manager 11.1\(1\)

cisco/data_center_network_manager 11.2\(1\)

cisco/data_center_network_manager 11.3\(1\)

Published Jul 31, 2020

Tracked Since Feb 18, 2026