Cisco Catalyst Center

25 matches found

added 2021/06/29 3:5 a.m., 140 views

CVE-2021-1134

Root cause: incomplete validation of the X.509 certificate during the TLS connection between Cisco DNA Center and an ISE server (ISE-DNA Center integration). Affected: Cisco DNA Center Software with the ISE integration feature (versions affected are not always specified in all sources; CNVD notes ...

CVSS 7.4, AI score 7.5, EPSS 0.00774

added 2020/02/05 5:30 p.m., 130 views

CVE-2019-15253

CVE-2019-15253 is a stored XSS vulnerability in Cisco DNA Center’s web-based management interface. Affected: Cisco DNA Center Software releases earlier than 1.3.0.6 and 1.3.1.4. Root cause: insufficient validation of user-supplied input enabling an authenticated attacker to trigger stored scripts...

CVSS 5.4, AI score 4.8, EPSS 0.0312

added 2022/02/10 5:6 p.m., 99 views

CVE-2022-20630

The CVE-2022-20630 issue affects Cisco DNA Center and is caused by unsecured logging of sensitive information in audit logs. An authenticated, local attacker with administrative privileges could access audit logs via the CLI and retrieve sensitive data, including user credentials. Cisco has relea...

CVSS 4.4, AI score 4.4, EPSS 0.00226

added 2021/01/20 7:57 p.m., 97 views

CVE-2021-1257

CVE-2021-1257 affects Cisco DNA Center (web-based management interface) with CSRF in versions prior to 2.1.2.0. An unauthenticated, remote attacker can lure a logged-in user to a crafted link, causing actions on the device with the user’s privileges, including modifying configuration, disconnecti...

CVSS 8.8, AI score 8.1, EPSS 0.00836

added 2023/03/23 12:0 a.m., 96 views

CVE-2023-20059

Cisco DNA Center information disclosure vulnerability (CVE-2023-20059) arises from RBAC weaknesses in the integration of the Network Plug-and-Play (PnP) agent. An authenticated, remote attacker with low privileges can query an internal API to view sensitive data in clear text, potentially includi...

CVSS 6.5, AI score 5.2, EPSS 0.00407

added 2023/03/23 12:0 a.m., 95 views

CVE-2023-20055

Cisco DNA Center Privilege Escalation (CVE-2023-20055) affects Cisco DNA Center management API. An authenticated remote attacker could inspect API responses to access the API with higher-privilege (Observer) credentials, enabling elevation within the web management interface. Root cause: unintende...

CVSS 8.8, AI score 7.9, EPSS 0.00745

added 2020/08/26 4:16 p.m., 80 views

CVE-2020-3466

Cisco DNA Center Web UI XSS vulnerabilities (CVE-2020-3466) allow an unauthenticated, remote attacker to induce script execution in the user’s browser by persuading them to click a crafted link. The issue stems from improper input validation in the web-based management interface. Impact is limite...

CVSS 6.1, AI score 5.3, EPSS 0.00921

added 2024/09/25 4:19 p.m., 79 views

CVE-2024-20350

CVE-2024-20350 affects Cisco Catalyst Center (formerly Cisco DNA Center). The issue is due to a static SSH host key in the SSH server, enabling unauthenticated, remote attackers to perform MITM on SSH connections and impersonate the appliance, potentially intercepting traffic, injecting terminal ...

CVSS 8.1, AI score 7.6, EPSS 0.00395

added 2024/03/27 4:43 p.m., 78 views

CVE-2024-20333

CVE-2024-20333 affects Cisco Catalyst Center (formerly Cisco DNA Center) web-based management interface. The vulnerability arises from insufficient authorization enforcement, allowing an authenticated, remote attacker to change a specific field in the interface by sending a crafted HTTP request. ...

CVSS 4.3, AI score 6.7, EPSS 0.00365

added 2021/01/13 9:20 p.m., 77 views

CVE-2021-1130

Cisco DNA Center suffers a Cross-Site Scripting (XSS) vulnerability in its web-based management interface. The flaw arises from improper validation of user-supplied input, enabling an authenticated attacker to lure a user into clicking a crafted link, which could allow execution of arbitrary scri...

CVSS 4.8, AI score 4.9, EPSS 0.00817

added 2025/05/07 5:16 p.m., 77 views

CVE-2025-20210

CVE-2025-20210 affects Cisco Catalyst Center (formerly Cisco DNA Center) where the management API lacks authentication. An unauthenticated remote attacker could read and modify the outgoing proxy configuration, potentially disrupting internet traffic or intercepting outbound traffic. Connected do...

CVSS 7.3, AI score 7.2, EPSS 0.00348

added 2023/05/18 12:0 a.m., 74 views

CVE-2023-20184

CVE-2023-20184 concerns Cisco DNA Center Software API vulnerabilities. The affected component is the DNA Center API; the root cause is improper authorization of API requests. Consequences described in the sources include an authenticated, remote attacker reading information from a restricted cont...

CVSS 5.4, AI score 5.5, EPSS 0.00485

added 2021/01/20 7:57 p.m., 73 views

CVE-2021-1265

CVE-2021-1265 affects Cisco DNA Center’s Configuration Archiving: archive files are stored in plaintext, allowing an authenticated remote attacker to retrieve full unmasked running configurations via API calls. Documented impact is information disclosure of managed devices; exploitation requires ...

CVSS 7.7, AI score 6.5, EPSS 0.00918

added 2023/05/18 12:0 a.m., 71 views

CVE-2023-20182

CVE-2023-20182 relates to multiple vulnerabilities in the Cisco DNA Center Software API. An authenticated, remote attacker can read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as root. Connected sources indicate this...

CVSS 8.8, AI score 7.6, EPSS 0.00624

added 2021/10/06 7:45 p.m., 69 views

CVE-2021-34782

Affected software/issue: Cisco DNA Center API endpoints. Vulnerability: Improper access controls on API endpoints allow an authenticated, remote attacker with device credentials to access restricted information. Impact (as stated): attacker could obtain sensitive information about other users wit...

CVSS 4.3, AI score 4.6, EPSS 0.00755

added 2023/05/18 12:0 a.m., 68 views

CVE-2023-20183

CVE-2023-20183 affects Cisco DNA Center Software API. The vulnerability stems from improper API authorization, enabling an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as root. A...

CVSS 5.4, AI score 5.5, EPSS 0.00493

added 2021/01/20 7:57 p.m., 66 views

CVE-2021-1264

CVE-2021-1264 concerns Cisco DNA Center Command Runner command-injection due to insufficient input validation. The vulnerability allows an authenticated, remote attacker to provide crafted input (or use a crafted command-runner API call) to execute arbitrary CLI commands on devices managed by Cis...

CVSS 9.6, AI score 9.2, EPSS 0.03725

added 2019/04/18 1:30 a.m., 58 views

CVE-2019-1841

Cisco DNA Center’s Software Image Management (SWIM) import interface vulnerability (CVE-2019-1841) allows an authenticated, remote attacker to access internal services without extra authentication due to insufficient input validation. Affected: Cisco DNA Center versions prior to 1.2.5. Impact des...

CVSS 8.1, AI score 7, EPSS 0.02644

added 2020/08/17 6:1 p.m., 57 views

CVE-2020-3411

CVE-2020-3411 affects Cisco DNA Center. The issue is an information-disclosure vulnerability caused by improper handling of authentication tokens, allowing an unauthenticated, remote attacker to access sensitive device information (including configuration files) by sending a crafted HTTP request....

CVSS 7.5, AI score 7.5, EPSS 0.02222

added 2025/05/07 5:37 p.m., 56 views

CVE-2025-20223

The CVE-2025-20223 entry concerns Cisco Catalyst Center (formerly Cisco DNA Center). Affected component: internal service repository accessed via HTTP. Root cause: insufficient enforcement of access control on HTTP requests, enabling an authenticated, remote attacker to read and modify data handl...

CVSS 4.7, AI score 4.7, EPSS 0.00244

added 2019/03/11 10:0 p.m., 54 views

CVE-2019-1707

CVE-2019-1707 affects Cisco DNA Center’s web-based management interface. A stored XSS vulnerability arises from insufficient validation of user-supplied input, exploitable by persuading an authenticated user to click a crafted link. Successful exploitation could execute arbitrary script code in t...

CVSS 5.4, AI score 5.3, EPSS 0.00876

added 2021/01/20 7:55 p.m., 53 views

CVE-2021-1303

CVE-2021-1303 concerns Cisco DNA Center. A vulnerability in the user management roles enforcement allows an authenticated attacker with an Observer role to execute commands on managed devices, potentially viewing diagnostic information. Several sources state this is an elevation of privilege in t...

CVSS 8.8, AI score 6, EPSS 0.01404

added 2025/11/13 4:18 p.m., 22 views

CVE-2025-20349

CVE-2025-20349 concerns Cisco Catalyst Center. The REST API suffers from insufficient validation of user-supplied input in request parameters, enabling an authenticated attacker (credentials at least Observer) to craft API requests that inject arbitrary commands executed inside a restricted conta...

CVSS 8.8, AI score 7, EPSS 0.00324

added 2025/11/13 4:18 p.m., 18 views

CVE-2025-20353

The CVE-2025-20353 issue affects Cisco Catalyst Center web-based management interface. It is caused by insufficient validation of user input, enabling an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack by convincing a user to click a crafted link. Successful exploi...

CVSS 6.1, AI score 5.8, EPSS 0.00195

added 2025/11/13 4:27 p.m., 15 views

CVE-2025-20346

CVE-2025-20346 describes a Cisco Catalyst Center RBAC vulnerability: an authenticated, remote attacker with at least Observer/read-only access can alter policy configurations that should be Administrator‑only. Affected product is Cisco Catalyst Center; exploitation involves logging in and modifyi...

CVSS 4.3, AI score 6.6, EPSS 0.00239