PT-2020-3469 · Cisco · Cisco Data Center Network Manager

Published: 2020-07-29 · Updated: 2020-08-05 · CVE-2020-3382

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cisco Data Center Network Manager (DCNM), versions prior to the fixed version.

Description: The issue stems from pre-installed credentials in the web interface and REST API of Cisco Data Center Network Manager (DCNM), which allow an unauthenticated, remote attacker to bypass authentication. The root cause is a static encryption key that is shared across different installations. An attacker could exploit this by crafting a valid session token with the static key, potentially allowing them to perform arbitrary actions with administrative privileges through the REST API.

Recommendations: For versions prior to the fixed version, update to the fixed version to resolve the issue. As a temporary workaround, consider restricting access to the REST API to minimize the risk of exploitation. Avoid using the static encryption key in the affected API endpoints until the issue is resolved.
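The root cause above (one key shared by every installation, so a session token minted anywhere verifies everywhere) and its fix (a key generated per installation, with a startup guard against shipped defaults) as an added illustration; this is not code from the advisory or from Cisco, and the HMAC-signed token layout, the constructed SHARED_KEY and the helper names are assumptions.

```python
"""Shared vs. per-installation session-token keys (illustrative only)."""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Constructed stand-in for a key baked into every build (the weak pattern).
SHARED_KEY = b"same-key-in-every-build"
KNOWN_DEFAULT_KEYS = {SHARED_KEY}          # defaults a deployment must never run with
MIN_KEY_BYTES = 32


def issue_token(key: bytes, claims: dict) -> str:
    """Mint a token: url-safe base64 JSON body + HMAC-SHA256 tag."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def verify_token(key: bytes, token: str) -> Optional[dict]:
    """Return the claims if the tag matches this installation's key, else None."""
    try:
        body, tag = token.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


def new_install_key() -> bytes:
    """Hardened form: a fresh random key generated at install time, not shipped in code."""
    return secrets.token_bytes(MIN_KEY_BYTES)


def key_is_acceptable(key: bytes) -> bool:
    """Startup guard: refuse short keys and any key that equals a shipped default."""
    return len(key) >= MIN_KEY_BYTES and key not in KNOWN_DEFAULT_KEYS


def cross_install_accepted(key_a: bytes, key_b: bytes) -> bool:
    """Does a token minted on installation A verify on installation B?"""
    tok = issue_token(key_a, {"sub": "admin", "role": "network-admin"})
    return verify_token(key_b, tok) is not None
```

With SHARED_KEY on both sides cross_install_accepted returns True (the advisory's failure mode); with two independently generated keys it returns False.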

Fix

Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

BDU:2020-03793
CVE-2020-3382

Affected Products

Cisco Data Center Network Manager