← Back

CVE-2020-3281

nvd nist
Published: Jun 3, 2020Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.

Affected (1)

Cisco
1 product
Digital Network Architecture Center
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Digital Network Architecture Center
Before 1.3.3.3

Related CWEs

CWE-532
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

Source: psirt@cisco.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.