Cisco Digital Network Architecture Center vulnerabilities

36 known vulnerabilities affecting cisco/cisco_digital_network_architecture_center.

Total CVEs: 36
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 6, HIGH 14, MEDIUM 16

Vulnerabilities

Page 2 of 2
CVE-2021-1257 | HIGH | CVSS 8.8 | vn/a | 2021-01-20
CVE-2021-1257 [HIGH] CWE-352: A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the
cvelistv5, nvd
CVE-2021-1265 | MEDIUM | CVSS 6.5 | vn/a | 2021-01-20
CVE-2021-1265 [MEDIUM] CWE-312: A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archive files being stored in clear text, which can be retrieved by various API calls. An atta
cvelistv5, nvd
CVE-2021-1130 | MEDIUM | CVSS 4.8 | vn/a | 2021-01-13
CVE-2021-1130 [MEDIUM] CWE-79: A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An atta
cvelistv5, nvd
CVE-2020-3466 | MEDIUM | CVSS 6.1 | vn/a | 2020-08-26
CVE-2020-3466 [MEDIUM] CWE-79: Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerabilities exist because the web-based management interface on an affected device does not properly val
cvelistv5, nvd
CVE-2020-3411 | HIGH | CVSS 7.5 | vn/a | 2020-08-17
CVE-2020-3411 [HIGH] CWE-200: A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A success
cvelistv5, nvd
CVE-2020-3391 | MEDIUM | CVSS 6.5 | vn/a | 2020-07-02
CVE-2020-3391 [MEDIUM] CWE-200: A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to insecure storage of certain unencrypted credentials on an affected device. An attacker could exploit this vulnerability by viewing the network device configuration and
cvelistv5, nvd
CVE-2020-3281 | HIGH | CVSS 8.8 | vn/a | 2020-06-03
CVE-2020-3281 [HIGH] CWE-532: A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs and obtaining cre
cvelistv5, nvd
CVE-2019-15253 | MEDIUM | CVSS 4.8 | PoC | v1.3.0.6 | v1.3.1.4 | 2020-02-05
CVE-2019-15253 [MEDIUM] CWE-79: A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied in
cvelistv5, nvd
CVE-2019-1848 | CRITICAL | CVSS 9.3 | ≥ unspecified, < 1.3 | 2019-06-20
CVE-2019-1848 [CRITICAL] CWE-668: A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could exploit this vulnerability by connecting an unautho
cvelistv5, nvd
CVE-2019-1841 | HIGH | CVSS 8.1 | ≥ unspecified, < DNAC1.2.5 | 2019-04-18
CVE-2019-1841 [HIGH] CWE-441: A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending arbitrary HTTP requests to interna
cvelistv5, nvd
CVE-2019-1707 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 1.2.5 | 2019-03-11
CVE-2019-1707 [MEDIUM] CWE-79: A vulnerability in the web-based management interface of Cisco DNA Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interfac
cvelistv5, nvd
CVE-2018-15386 | CRITICAL | CVSS 9.8 | vn/a | 2018-10-05
CVE-2018-15386 [CRITICAL] CWE-16: A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by direct
cvelistv5, nvd
CVE-2018-0448 | CRITICAL | CVSS 9.8 | vn/a | 2018-10-05
CVE-2018-0448 [CRITICAL] CWE-326: A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could
cvelistv5, nvd
CVE-2018-0222 | CRITICAL | CVSS 10.0 | vCisco Digital Network Architecture Center | 2018-05-17
CVE-2018-0222 [CRITICAL] CWE-798: A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credent
cvelistv5
CVE-2018-0268 | CRITICAL | CVSS 10.0 | vCisco Digital Network Architecture Center | 2018-05-17
CVE-2018-0268 [CRITICAL] CWE-358: A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. This vulnerability is due to an insecure default configuration of the Kubernetes container ma
cvelistv5
CVE-2018-0271 | CRITICAL | CVSS 9.8 | vCisco Digital Network Architecture Center | 2018-05-17
CVE-2018-0271 [CRITICAL] CWE-287: A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could explo
cvelistv5