CVE-2020-3112

HIGH Year: 2020
CVSS v3 Score
8.8
High
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-264
View all →

Vulnerability Description

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by authenticating with a low-privilege account and sending a crafted request to the API. A successful exploit could allow the attacker to interact with the API with administrative privileges.

Related Vulnerabilities

CVE-2010-5327

HIGH
CVSS:8.8(High)

Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template.

CWE-2642010

CVE-2013-3632

HIGH
CVSS:8.8(High)

The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.

CWE-2642013

CVE-2014-0087

HIGH
CVSS:8.8(High)

The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authoriza...

CWE-2642014

CVE-2014-1946

HIGH
CVSS:8.8(High)

OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to thems...

CWE-2642014

CVE-2014-5070

HIGH
CVSS:8.8(High)

Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page.

CWE-2642014

CVE-2014-9695

HIGH
CVSS:8.8(High)

The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operation...

CWE-2642014