Adding Cisco CVE-2020-3112

2025-07-29 05:56:59 +00:00 · 2020-02-19 19:10:11 +00:00 · 2020-02-19 19:10:11 +00:00 · 54bca6fa4f
commit 54bca6fa4f
parent 46d9793ebf
1 changed files with 76 additions and 7 deletions
--- a/2020/3xxx/CVE-2020-3112.json
+++ b/2020/3xxx/CVE-2020-3112.json
@ -1,18 +1,87 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "psirt@cisco.com",
+        "DATE_PUBLIC": "2020-02-19T16:00:00-0800",
        "ID": "CVE-2020-3112",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Cisco Data Center Network Manager Privilege Escalation Vulnerability"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Cisco Data Center Network Manager ",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "affected": "<",
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Cisco"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by authenticating with a low-privilege account and sending a crafted request to the API. A successful exploit could allow the attacker to interact with the API with administrative privileges. "
            }
        ]
+    },
+    "exploit": [
+        {
+            "lang": "eng",
+            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
+        }
+    ],
+    "impact": {
+        "cvss": {
+            "baseScore": "8.8",
+            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ",
+            "version": "3.0"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-264"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "20200219 Cisco Data Center Network Manager Privilege Escalation Vulnerability",
+                "refsource": "CISCO",
+                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-dcnm-priv-esc"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "cisco-sa-20200219-dcnm-priv-esc",
+        "defect": [
+            [
+                "CSCvs04007"
+            ]
+        ],
+        "discovery": "INTERNAL"
    }
-}
+}