CVE-2024-20333

CWE-2856 documents5 sources
Severity
4.3MEDIUM
EPSS
0.2%
top 62.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Catalyst CenterCisco Cisco Digital Network Architecture Center (dna Center)
Timeline
PublishedMar 27

Description

A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to change a specific field within the web-based management int

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDcisco/catalyst_center< 2.3.5.4

🔴Vulnerability Details

2
GHSA
GHSA-w9x4-c822-p4wq: A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attack2024-03-27
CVEList
CVE-2024-20333: A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attack2024-03-27

📋Vendor Advisories

1
Cisco
Cisco Catalyst Center Authorization Bypass Vulnerability2024-03-27
CVE-2024-20333 (MEDIUM CVSS 4.3) | A vulnerability in the web-based ma | cvebase.io