Guest

Preview Tool

Cisco Bug: CSCvu50168 - Authorization bypass in alarm policies

Last Modified

Jul 21, 2020

Products (1)

  • Cisco Data Center Network Manager

Known Affected Releases

11.3(1)

Description (partial)

Symptom:
A vulnerability in the web ui of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to perform an authorization bypass attack.

The vulnerability is due to insufficient restrictions in place allowing a lower privileged user access to administrative level control. An attacker could exploit this vulnerability by browsing to an affected URL hosted by the device. An exploit could allow the attacker to List, edit, and delete resources of specific policies within DCNM.

Conditions:
Vulnerability is not dependent on configuration.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.