21 matches found
CVE-2021-1134
Root cause: incomplete validation of the X.509 certificate during the TLS connection between Cisco DNA Center and an ISE server (ISE-DNA Center integration).Affected: Cisco DNA Center Software with the ISE integration feature (versions affected are not always specified in all sources; CNVD notes ...
CVE-2019-15253
CVE-2019-15253 is a stored XSS vulnerability in Cisco DNA Center’s web-based management interface. Affected: Cisco DNA Center Software releases earlier than 1.3.0.6 and 1.3.1.4. Root cause: insufficient validation of user-supplied input enabling an authenticated attacker to trigger stored scripts...
CVE-2021-1257
CVE-2021-1257 affects Cisco DNA Center (web-based management interface) with CSRF in versions prior to 2.1.2.0. An unauthenticated, remote attacker can lure a logged-in user to a crafted link, causing actions on the device with the user’s privileges, including modifying configuration, disconnecti...
CVE-2023-20055
Cisco DNA Center Privilege Escalation (CVE-2023-20055) affects Cisco DNA Center management API. A authenticated remote attacker could inspect API responses to access the API with higher-privilege (Observer) credentials, enabling elevation within the web management interface. Root cause: unintende...
CVE-2023-20059
Cisco DNA Center information disclosure vulnerability (CVE-2023-20059) arises from RBAC weaknesses in the integration of the Network Plug-and-Play (PnP) agent. An authenticated, remote attacker with low privileges can query an internal API to view sensitive data in clear text, potentially includi...
CVE-2024-20333
CVE-2024-20333 affects Cisco Catalyst Center (formerly Cisco DNA Center) web-based management interface. The vulnerability arises from insufficient authorization enforcement, allowing an authenticated, remote attacker to change a specific field in the interface by sending a crafted HTTP request. ...
CVE-2021-1130
Cisco DNA Center suffers a Cross-Site Scripting (XSS) vulnerability in its web-based management interface. The flaw arises from improper validation of user-supplied input, enabling an authenticated attacker to lure a user into clicking a crafted link, which could allow execution of arbitrary scri...
CVE-2025-20210
CVE-2025-20210 affects Cisco Catalyst Center (formerly Cisco DNA Center) where the management API lacks authentication. An unauthenticated remote attacker could read and modify the outgoing proxy configuration, potentially disrupting internet traffic or intercepting outbound traffic. Connected do...
CVE-2023-20184
CVE-2023-20184 concerns Cisco DNA Center Software API vulnerabilities. The affected component is the DNA Center API; the root cause is improper authorization of API requests. Consequences described in the sources include an authenticated, remote attacker reading information from a restricted cont...
CVE-2021-1265
CVE-2021-1265 affects Cisco DNA Center’s Configuration Archiving: archive files are stored in plaintext, allowing an authenticated remote attacker to retrieve full unmasked running configurations via API calls. Documented impact is information disclosure of managed devices; exploitation requires ...
CVE-2023-20182
CVE-2023-20182 relates to multiple vulnerabilities in the Cisco DNA Center Software API. An authenticated, remote attacker can read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as root. Connected sources indicate this...
CVE-2021-34782
Affected software/issue: Cisco DNA Center API endpoints. Vulnerability: Improper access controls on API endpoints allow an authenticated, remote attacker with device credentials to access restricted information. Impact (as stated): attacker could obtain sensitive information about other users wit...
CVE-2023-20183
CVE-2023-20183 affects Cisco DNA Center Software API. The vulnerability stems from improper API authorization, enabling an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as root. A...
CVE-2021-1264
CVE-2021-1264 concerns Cisco DNA Center Command Runner command-injection due to insufficient input validation. The vulnerability allows an authenticated, remote attacker to provide crafted input (or use a crafted command-runner API call) to execute arbitrary CLI commands on devices managed by Cis...
CVE-2019-1841
Cisco DNA Center’s Software Image Management (SWIM) import interface vulnerability (CVE-2019-1841) allows an authenticated, remote attacker to access internal services without extra authentication due to insufficient input validation. Affected: Cisco DNA Center versions prior to 1.2.5. Impact des...
CVE-2025-20223
The CVE-2025-20223 entry concerns Cisco Catalyst Center (formerly Cisco DNA Center). Affected component: internal service repository accessed via HTTP. Root cause: insufficient enforcement of access control on HTTP requests, enabling an authenticated, remote attacker to read and modify data handl...
CVE-2019-1707
CVE-2019-1707 affects Cisco DNA Center’s web-based management interface. A stored XSS vulnerability arises from insufficient validation of user-supplied input, exploitable by persuading an authenticated user to click a crafted link. Successful exploitation could execute arbitrary script code in t...
CVE-2021-1303
CVE-2021-1303 concerns Cisco DNA Center. A vulnerability in the user management roles enforcement allows an authenticated attacker with an Observer role to execute commands on managed devices, potentially viewing diagnostic information. Several sources state this is an elevation of privilege in t...
CVE-2025-20349
CVE-2025-20349 concerns Cisco Catalyst Center. The REST API suffers from insufficient validation of user-supplied input in request parameters, enabling an authenticated attacker (credentials at least Observer) to craft API requests that inject arbitrary commands executed inside a restricted conta...
CVE-2025-20353
The CVE-2025-20353 issue affects Cisco Catalyst Center web-based management interface. It is caused by insufficient validation of user input, enabling an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack by convincing a user to click a crafted link. Successful exploi...
CVE-2025-20346
CVE-2025-20346 describes a Cisco Catalyst Center RBAC vulnerability: an authenticated, remote attacker with at least Observer/read-only access can alter policy configurations that should be Administrator‑only. Affected product is Cisco Catalyst Center; exploitation involves logging in and modifyi...