How severe is CVE-2020-3386?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2020-3386?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2020-3386 - HIGH Severity | CVSS 8.8

Vulnerability Description

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. The vulnerability is due to insufficient authorization of certain API functions. An attacker could exploit this vulnerability by sending a crafted request to the API using low-privileged credentials. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges.

Related Vulnerabilities

CVE-2016-1710

HIGH

CVSS:8.8(High)

The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which ...

CWE-2852016

CVE-2016-1711

HIGH

CVSS:8.8(High)

WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows r...

CWE-2852016

CVE-2016-3352

HIGH

CVSS:8.8(High)

Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 do not properly check NTLM SSO requests for MSA logins, which makes it easier for remote attackers to determine passwords via...

CWE-2852016

CVE-2016-7071

HIGH

CVSS:8.8(High)

It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbi...

CWE-2852016

CVE-2016-9217

HIGH

CVSS:8.8(High)

A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products. Mor...

CWE-2852016

CVE-2017-0926

HIGH

CVSS:8.8(High)

Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.

CWE-2852017