CVE-2020-3539
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The vulnerability is due to a failure to limit access to resources that are intended for users with Administrator privileges. An attacker could exploit this vulnerability by convincing a user to click a malicious URL. A successful exploit could allow a low-privileged attacker to list, view, create, edit, and delete templates in the same manner as a user with Administrator privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
EPSS 0.37% · 59.3th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Data Center Network Manager | N/A |
| cisco | prime_data_center_network_manager | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2020-3539 (circl-sighting)
- cisco-sa-dcnm-authbypass-YVJzqgk2 (circl)
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-tls-dos-xW53TBhb (circl)
Timeline
- Nov 18, 2024 CVE Published
- Nov 18, 2024 PoC Published
- Nov 18, 2024 CVE Updated
- Nov 19, 2024 EPSS Score
- Dec 7, 2024 EPSS Score
- Dec 25, 2024 EPSS Score
- Jan 11, 2025 EPSS Score
- Jan 29, 2025 EPSS Score
- Feb 15, 2025 EPSS Score
- Mar 5, 2025 EPSS Score
- Mar 22, 2025 EPSS Score
- Apr 9, 2025 EPSS Score