25 matches found
CVE-2021-1134
Root cause: incomplete validation of the X.509 certificate during the TLS connection between Cisco DNA Center and an ISE server (ISE-DNA Center integration). Affected: Cisco DNA Center Software with the ISE integration feature (versions affected are not always specified in all sources; CNVD notes ...
CVE-2019-15253
CVE-2019-15253 is a stored XSS vulnerability in Cisco DNA Center’s web-based management interface. Affected: Cisco DNA Center Software releases earlier than 1.3.0.6 and 1.3.1.4. Root cause: insufficient validation of user-supplied input enabling an authenticated attacker to trigger stored scripts...
CVE-2022-20630
The CVE-2022-20630 issue affects Cisco DNA Center and is caused by unsecured logging of sensitive information in audit logs. An authenticated, local attacker with administrative privileges could access audit logs via the CLI and retrieve sensitive data, including user credentials. Cisco has relea...
CVE-2021-1257
CVE-2021-1257 affects Cisco DNA Center (web-based management interface) with CSRF in versions prior to 2.1.2.0. An unauthenticated, remote attacker can lure a logged-in user to a crafted link, causing actions on the device with the user’s privileges, including modifying configuration, disconnecti...
CVE-2023-20059
Cisco DNA Center information disclosure vulnerability (CVE-2023-20059) arises from RBAC weaknesses in the integration of the Network Plug-and-Play (PnP) agent. An authenticated, remote attacker with low privileges can query an internal API to view sensitive data in clear text, potentially includi...
CVE-2023-20055
Cisco DNA Center Privilege Escalation (CVE-2023-20055) affects the Cisco DNA Center management API. An authenticated, remote attacker could inspect API responses to access the API with higher-privilege (Observer) credentials, enabling elevation within the web management interface. Root cause: unintende...
CVE-2020-3466
Cisco DNA Center Web UI XSS vulnerabilities (CVE-2020-3466) allow an unauthenticated, remote attacker to induce script execution in the user’s browser by persuading them to click a crafted link. The issue stems from improper input validation in the web-based management interface. Impact is limite...
CVE-2024-20350
CVE-2024-20350 affects Cisco Catalyst Center (formerly Cisco DNA Center). The issue is due to a static SSH host key in the SSH server, enabling unauthenticated, remote attackers to perform MITM on SSH connections and impersonate the appliance, potentially intercepting traffic, injecting terminal ...
CVE-2024-20333
CVE-2024-20333 affects Cisco Catalyst Center (formerly Cisco DNA Center) web-based management interface. The vulnerability arises from insufficient authorization enforcement, allowing an authenticated, remote attacker to change a specific field in the interface by sending a crafted HTTP request. ...
CVE-2021-1130
Cisco DNA Center suffers a Cross-Site Scripting (XSS) vulnerability in its web-based management interface. The flaw arises from improper validation of user-supplied input, enabling an authenticated attacker to lure a user into clicking a crafted link, which could allow execution of arbitrary scri...
CVE-2025-20210
CVE-2025-20210 affects Cisco Catalyst Center (formerly Cisco DNA Center) where the management API lacks authentication. An unauthenticated remote attacker could read and modify the outgoing proxy configuration, potentially disrupting internet traffic or intercepting outbound traffic. Connected do...
CVE-2023-20184
CVE-2023-20184 concerns Cisco DNA Center Software API vulnerabilities. The affected component is the DNA Center API; the root cause is improper authorization of API requests. Consequences described in the sources include an authenticated, remote attacker reading information from a restricted cont...
CVE-2021-1265
CVE-2021-1265 affects Cisco DNA Center’s Configuration Archiving: archive files are stored in plaintext, allowing an authenticated remote attacker to retrieve full unmasked running configurations via API calls. Documented impact is information disclosure of managed devices; exploitation requires ...
CVE-2023-20182
CVE-2023-20182 relates to multiple vulnerabilities in the Cisco DNA Center Software API. An authenticated, remote attacker can read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as root. Connected sources indicate this...
CVE-2021-34782
Affected software/issue: Cisco DNA Center API endpoints. Vulnerability: Improper access controls on API endpoints allow an authenticated, remote attacker with device credentials to access restricted information. Impact (as stated): attacker could obtain sensitive information about other users wit...
CVE-2023-20183
CVE-2023-20183 affects Cisco DNA Center Software API. The vulnerability stems from improper API authorization, enabling an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as root. A...
CVE-2021-1264
CVE-2021-1264 concerns Cisco DNA Center Command Runner command-injection due to insufficient input validation. The vulnerability allows an authenticated, remote attacker to provide crafted input (or use a crafted command-runner API call) to execute arbitrary CLI commands on devices managed by Cis...
CVE-2019-1841
Cisco DNA Center’s Software Image Management (SWIM) import interface vulnerability (CVE-2019-1841) allows an authenticated, remote attacker to access internal services without extra authentication due to insufficient input validation. Affected: Cisco DNA Center versions prior to 1.2.5. Impact des...
CVE-2020-3411
CVE-2020-3411 affects Cisco DNA Center. The issue is an information-disclosure vulnerability caused by improper handling of authentication tokens, allowing an unauthenticated, remote attacker to access sensitive device information (including configuration files) by sending a crafted HTTP request....
CVE-2025-20223
The CVE-2025-20223 entry concerns Cisco Catalyst Center (formerly Cisco DNA Center). Affected component: internal service repository accessed via HTTP. Root cause: insufficient enforcement of access control on HTTP requests, enabling an authenticated, remote attacker to read and modify data handl...
CVE-2019-1707
CVE-2019-1707 affects Cisco DNA Center’s web-based management interface. A stored XSS vulnerability arises from insufficient validation of user-supplied input, exploitable by persuading an authenticated user to click a crafted link. Successful exploitation could execute arbitrary script code in t...
CVE-2021-1303
CVE-2021-1303 concerns Cisco DNA Center. A vulnerability in the user management roles enforcement allows an authenticated attacker with an Observer role to execute commands on managed devices, potentially viewing diagnostic information. Several sources state this is an elevation of privilege in t...
CVE-2025-20349
CVE-2025-20349 concerns Cisco Catalyst Center. The REST API suffers from insufficient validation of user-supplied input in request parameters, enabling an authenticated attacker (credentials at least Observer) to craft API requests that inject arbitrary commands executed inside a restricted conta...
CVE-2025-20353
The CVE-2025-20353 issue affects Cisco Catalyst Center web-based management interface. It is caused by insufficient validation of user input, enabling an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack by convincing a user to click a crafted link. Successful exploi...
CVE-2025-20346
CVE-2025-20346 describes a Cisco Catalyst Center RBAC vulnerability: an authenticated, remote attacker with at least Observer/read-only access can alter policy configurations that should be Administrator‑only. Affected product is Cisco Catalyst Center; exploitation involves logging in and modifyi...