CVE-2020-3520 MEDIUM

CVE-2020-3520: Cisco Data Center Network Manager Information Disclosure Vulnerability

Vendor Cisco

Product Cisco Data Center Network Manager

Weakness CWE-200 · Info exposure

Published August 26, 2020

Last update November 13, 2024

View on NVD All CVEs

CVSS base score

5.5/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability in Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, local attacker to obtain confidential information from an affected device. The vulnerability is due to insufficient protection of confidential information on an affected device. An attacker at any privilege level could exploit this vulnerability by accessing local filesystems and extracting sensitive information from them. A successful exploit could allow the attacker to view sensitive data, which they could use to elevate their privilege.

Key dates

02Disclosure timeline

August 26, 2020 CVE published

November 13, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-3520 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

CVE-2020-3520: Cisco Data Center Network Manager Information Disclosure Vulnerability

01Description

02Disclosure timeline

03References

04Related CVE