First published: Wed Jul 01 2020(Updated: )
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to insecure storage of certain unencrypted credentials on an affected device. An attacker could exploit this vulnerability by viewing the network device configuration and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Digital Network Architecture Center | <1.2.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-3391.
The severity of CVE-2020-3391 is medium (6.5).
Cisco Digital Network Architecture (DNA) Center version 1.2.10 is affected by CVE-2020-3391.
CVE-2020-3391 allows an authenticated remote attacker to view sensitive information in clear text by exploiting insecure storage of certain unencrypted credentials.
Yes, Cisco has released a security advisory with instructions on how to mitigate the vulnerability. Please refer to the reference link for more details.