Cisco DCNM Vulnerability Allows Unauthorized Access to Templates
CVE-2020-3539
Key Information:
- Vendor: Cisco
- CVE Published: 18 November 2024
Summary
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) allows an authenticated, remote attacker to gain unauthorized access to data typically restricted to users with Administrator privileges. The flaw arises from the application's failure to appropriately restrict access to certain resources. An attacker can exploit it through social engineering, such as tricking a user into clicking a specially crafted URL. A successful exploit lets the attacker list, view, create, edit, and delete templates, acting as a fully privileged Administrator user. Cisco has acknowledged the vulnerability and released software updates that address it; no viable workarounds are available.
Affected Version(s)
Cisco Data Center Network Manager
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved