Cisco Bug: CSCvu50168 - Authorization bypass in alarm policies
Jul 21, 2020
- Cisco Data Center Network Manager
Known Affected Releases
Symptom: A vulnerability in the web ui of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to perform an authorization bypass attack. The vulnerability is due to insufficient restrictions in place allowing a lower privileged user access to administrative level control. An attacker could exploit this vulnerability by browsing to an affected URL hosted by the device. An exploit could allow the attacker to List, edit, and delete resources of specific policies within DCNM. Conditions: Vulnerability is not dependent on configuration.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases