CVE-2023-20059

CWE-555CWE-312Cleartext Storage of Sensitive Info4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 61.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Catalyst CenterCisco Cisco Digital Network Architecture Center (dna Center)
Timeline
PublishedMar 23

Description

A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper role-based access control (RBAC) with the integration of PnP. An attacker could exploit this vulnerability by authenticating to the device and sending a query to an internal API. A successful exploit coul

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDcisco/catalyst_center2.3.4.02.3.5.0+1

🔴Vulnerability Details

2
GHSA
GHSA-723j-vwr2-6865: A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker2023-03-23
CVEList
Cisco DNA Center Information Disclosure Vulnerability2023-03-23

📋Vendor Advisories

1
Cisco
Cisco DNA Center Information Disclosure Vulnerability2023-03-22
CVE-2023-20059 (MEDIUM CVSS 6.5) | A vulnerability in the implementati | cvebase.io