Lucene search

CiscoCVELIST:CVE-2020-3281

HistoryJun 03, 2020 - 12:00 a.m.

CVE-2020-3281 Cisco Digital Network Architecture Center Information Disclosure Vulnerability

2020-06-0300:00:00

CWE-532

cisco

www.cve.org

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

8.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.0%

JSON

A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.

CNA Affected

[
  {
    "product": "Cisco Digital Network Architecture Center (DNA Center) ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-audit-log-59RBdwb6

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

8.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.0%

JSON

Related for CVELIST:CVE-2020-3281