Dna Center@* Security Vulnerabilities and Issues — Dna Center@* CVE List

Lucene search

CiscoDna Center*

8 matches found

CVE•added 2021/12/10 10:15 a.m.•5645 views

CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message ...

10CVSS10AI score0.94358EPSS

CVE•added 2021/06/29 3:15 a.m.•121 views

CVE-2021-1134

A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509 certificate used when est...

7.4CVSS7.5AI score0.00202EPSS

CVE•added 2021/01/20 8:15 p.m.•78 views

CVE-2021-1257

A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulne...

8.8CVSS8.1AI score0.00091EPSS

CVE•added 2021/01/13 10:15 p.m.•59 views

CVE-2021-1130

A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface ...

4.8CVSS4.9AI score0.00174EPSS

CVE•added 2021/01/20 8:15 p.m.•52 views

CVE-2021-1264

A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability by providing crafted...

9.6CVSS9.2AI score0.00907EPSS

CVE•added 2021/01/20 8:15 p.m.•49 views

CVE-2021-1265

A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being stored in clear text...

7.7CVSS6.5AI score0.0011EPSS

CVE•added 2021/10/06 8:15 p.m.•49 views

CVE-2021-34782

A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An atta...

4.3CVSS4.6AI score0.00129EPSS

CVE•added 2021/01/20 8:15 p.m.•41 views

CVE-2021-1303

A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit this vulnerability by...

8.8CVSS6AI score0.00177EPSS