CVE-2020-3391

Severity CVSS v4.0:
Pending analysis
Type:
CWE-522 Insufficiently Protected Credentials
Publication date:
02/07/2020
Last modified:
06/08/2021

Description

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to insecure storage of certain unencrypted credentials on an affected device. An attacker could exploit this vulnerability by viewing the network device configuration and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:cisco:digital_network_architecture_center:*:*:*:*:*:*:*:* 1.2.10 (excluding)