CVE-2020-3112 HIGH

CVE-2020-3112: Cisco Data Center Network Manager Privilege Escalation Vulnerability

Vendor Cisco
Product Cisco Data Center Network Manager
Weakness CWE-264
Published February 19, 2020
Last update November 15, 2024
View on NVD All CVEs

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by authenticating with a low-privilege account and sending a crafted request to the API. A successful exploit could allow the attacker to interact with the API with administrative privileges.

Key dates

02Disclosure timeline

February 19, 2020 CVE published
November 15, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-21469 Permissions, Privileges, and Access Control issues in TZ Secure OS CVE-2019-1889 Cisco Application Policy Infrastructure Controller REST API Privilege Escalation Vulnerability CVE-2019-19107 ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Information Exposure CVE-2022-45369 WordPress Plugin for Google Reviews plugin <= 2.2.2 - Auth. Broken Access Control vulnerability CVE-2019-1682 Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability