CVE-2020-3522

Name of the Vulnerable Software and Affected Versions Cisco Data Center Network Manager (affected versions not specified)

Description The issue is related to access control errors in the web interface of the system, allowing a remote attacker to bypass authorization and access sensitive device information. The vulnerability exists because the software allows users to access administrator-only resources. An attacker could exploit this by submitting a crafted URL to an affected device, potentially allowing them to add, delete, and edit network configurations with administrative privileges.

Recommendations For all affected versions, consider restricting access to the web-based management interface until a fix is available. As a temporary workaround, limit the privileges of non-administrative users to prevent them from accessing sensitive information and network configurations. Avoid using crafted URLs that could exploit the vulnerability in the web interface.