Cisco DNA Center vulnerabilities
18 known vulnerabilities affecting cisco/dna_center.
Total CVEs: 18
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 1, UNKNOWN 16
Vulnerabilities
CVE-2023-20223 | HIGH | CVSS 8.2 | CWE-284 | fixed in 2.3.5.4 | 2023-09-27
A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device.
This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit this vulnerability by sending a crafted API request to an
nvd, cisco
CVE-2021-44228 | CRITICAL | CVSS 10.0 | KEV | PoC | CWE-20 | fixed in 2.1.2.8; ≥ 2.2.2.0, < 2.2.2.8; +2 more | 2021-12-10
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LD
nvd
CVE-2021-1264 | UNKNOWN | CVSS 3.1
CVE-2021-1264: Cisco DNA Center Command Runner Command Injection Vulnerability
A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability by providing crafted input during command execution or via a cra
cisco
CVE-2022-20630 | UNKNOWN | CVSS 3.1
CVE-2022-20630: Cisco DNA Center Information Disclosure Vulnerability
A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploit this vulnerability by accessing the audit logs through the CLI
cisco
CVE-2023-20183 | UNKNOWN | CVSS 3.1
CVE-2023-20183: Cisco DNA Center Software API Vulnerabilities
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the
CVSS: 3.1
CWE: CWE-285, CWE-78
Bug IDs:
cisco
CVE-2020-3466 | UNKNOWN | CVSS 3.0
CVE-2020-3466: Cisco DNA Center Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerabilities exist because the web-based management interface on an affected device does not properly validate use
cisco
CVE-2021-1257 | UNKNOWN | CVSS 3.0
CVE-2021-1257: Cisco DNA Center Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the
cisco
CVE-2023-20059 | UNKNOWN | CVSS 3.1
CVE-2023-20059: Cisco DNA Center Information Disclosure Vulnerability
A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper role-based access control (RBAC) with the integration of PnP. An
cisco
CVE-2021-1134 | UNKNOWN | CVSS 3.0
CVE-2021-1134: Cisco DNA Center Certificate Validation Vulnerability
A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509 certificate used when establishing a connection between DNA Center and an ISE server. An
cisco
CVE-2023-20184 | UNKNOWN | CVSS 3.1
CVE-2023-20184: Cisco DNA Center Software API Vulnerabilities
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the
CVSS: 3.1
CWE: CWE-285, CWE-78
Bug IDs:
cisco
CVE-2021-1265 | UNKNOWN | CVSS 3.0
CVE-2021-1265: Cisco DNA Center Information Disclosure Vulnerability
A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archive files being stored in clear text, which can be retrieved by various API calls. An attacker could
cisco
CVE-2023-20055 | UNKNOWN | CVSS 3.1
CVE-2023-20055: Cisco DNA Center Privilege Escalation Vulnerability
A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive information. An attacker could exploit this vulnerability by inspecting the responses from the AP
cisco
CVE-2021-1303 | UNKNOWN | CVSS 3.0
CVE-2021-1303: Cisco DNA Center Privilege Escalation Vulnerability
A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit this vulnerability by authenticating as a user with an Observer role and executing comman
cisco
CVE-2021-1130 | UNKNOWN | CVSS 3.1
CVE-2021-1130: Cisco DNA Center Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could ex
cisco
CVE-2020-3411 | UNKNOWN | CVSS 3.0
CVE-2020-3411: Cisco DNA Center Information Disclosure Vulnerability
A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful expl
cisco
CVE-2023-20182 | UNKNOWN | CVSS 3.1
CVE-2023-20182: Cisco DNA Center Software API Vulnerabilities
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the
CVSS: 3.1
CWE: CWE-285, CWE-78
Bug IDs:
cisco
CVE-2021-34782 | UNKNOWN | CVSS 3.1
CVE-2021-34782: Cisco DNA Center Information Disclosure Vulnerability
A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An attacker could exploit the vulnerability by sending a specific API
cisco
CVE-2019-1848 | UNKNOWN | CVSS 3.0
CVE-2019-1848: Cisco DNA Center Authentication Bypass Vulnerability
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could exploit this vulnerability by connecting an unauthorized network
cisco