ByteOS Network

NVD Vulnerability Details :

CVE-2020-3539

Analyzed

Source-psirt@cisco.com

Published At-18 Nov, 2024 | 16:15

Updated At-31 Jul, 2025 | 17:23

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The vulnerability is due to a failure to limit access to resources that are intended for users with Administrator privileges. An attacker could exploit this vulnerability by convincing a user to click a malicious URL. A successful exploit could allow a low-privileged attacker to list, view, create, edit, and delete templates in the same manner as a user with Administrator privileges.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CPE Matches

Cisco Systems, Inc.

>>prime_data_center_network_manager>>Versions before 11.4\(1\)(exclusive)

cpe:2.3:a:cisco:prime_data_center_network_manager:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-285	Primary	psirt@cisco.com

References

Hyperlink	Source	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-authbypass-YVJzqgk2	psirt@cisco.com	Vendor Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-tls-dos-xW53TBhb	psirt@cisco.com	Not Applicable

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History