Guest

Preview Tool

Cisco Bug: CSCvu50150 - Authorization bypass vulnerability on DCNM

Last Modified

Jul 21, 2020

Products (1)

  • Cisco Data Center Network Manager

Known Affected Releases

11.3(1)

Description (partial)

Symptom:
A malicious user that has non-admin privileges on the web ui can access the log details that are meant for administrators only.  This gives the malicious user the ability to list all of the logs available and to read the individual logs.

Conditions:
Vulnerability is not dependent on device configuration.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.