CVE-2025-20341Improper Access Control in Cisco Digital Network Architecture Center

CWE-284Improper Access Control4 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.2%
top 51.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Digital Network Architecture Center
Timeline
PublishedNov 13

Description

A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to perform unauthorized modifications to the system, including creating new user accounts or elevating t

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
Cisco Catalyst Center Privilege Escalation Vulnerability2025-11-13
GHSA
GHSA-8m7g-q5hf-chf5: A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an2025-11-13

📋Vendor Advisories

1
Cisco
Cisco Catalyst Center Virtual Appliance Privilege Escalation Vulnerability2025-11-13
CVE-2025-20341 — Improper Access Control in Cisco | cvebase