CVE-2023-20055 — Sensitive Information Exposure in Cisco Catalyst Center

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

8.8HIGHNVD

CNA8.0

EPSS

1.3%

top 20.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Catalyst Center Cisco Digital Network Architecture Center

Timeline

PublishedMar 23

Description

A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive information. An attacker could exploit this vulnerability by inspecting the responses from the API. Under certain circumstances, a successful exploit could allow the attacker to access the API with the privileges of a higher-level u…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/catalyst_center< 2.3.3.6+1

▶CVEListV5cisco/cisco_digital_network_architecture_centern/a

🔴Vulnerability Details

GHSA

GHSA-3ff8-m2gm-qf6j: A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the we↗2023-03-23

▶

CVEList

Cisco DNA Center Privilege Escalation Vulnerability↗2023-03-23

▶

📋Vendor Advisories

Cisco

Cisco DNA Center Privilege Escalation Vulnerability↗2023-03-22

▶