CVE-2025-20210

CWE-306 — Missing Authentication4 documents4 sources

Severity

7.3HIGH

EPSS

0.2%

top 52.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Catalyst Center Cisco Cisco Digital Network Architecture Center (dna Center)

Timeline

PublishedMay 7

Description

A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint. An attacker could exploit this vulnerability by sending a request to the affected API of a Catalyst Center device. A successful exploit could allow the attacker to view or modify the outgoing proxy configuration, which cou…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages2 packages

▶NVDcisco/catalyst_center< 2.3.7.9

▶CVEListV5cisco/cisco_digital_network_architecture_center_(dna_center)100 versions+99

🔴Vulnerability Details

CVEList

Cisco Catalyst Center Unprotected API Endpoint↗2025-05-07

▶

GHSA

GHSA-4f7p-398v-2rw7: A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and↗2025-05-07

▶

📋Vendor Advisories

Cisco

Cisco Catalyst Center Unauthenticated API Access Vulnerability↗2025-05-07

▶