Cisco Catalyst Center Insufficient Access Control Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 4.7 Security Advisory

TL;DR 📌

A medium-severity vulnerability has been identified in Cisco Catalyst Center, allowing authenticated remote attackers to read and modify data due to insufficient access control on HTTP requests. No workarounds are available, and affected users are advised to upgrade to fixed software versions.

What happened 🕵️‍♂️

Cisco has disclosed a vulnerability in Cisco Catalyst Center, formerly known as Cisco DNA Center. The flaw stems from insufficient enforcement of access control on HTTP requests: an authenticated remote attacker could trigger it by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to read and modify data managed by an internal service on that device.

Affected products 🖥️

The vulnerability affects only Cisco Catalyst Center deployments that have Disaster Recovery enabled. Disaster Recovery is not enabled by default. To determine whether your deployment is affected, check the Disaster Recovery status in the Cisco Catalyst Center GUI under System > Disaster Recovery.

Fixed software 🔧

Upgrade to at least the first fixed release in your train (or later):

Product / Release Train | First Fixed Release | Notes
ISE / ISE-PIC           | 1.0                 | Initial public release.

Workarounds 🧯

There are no workarounds available to mitigate this vulnerability.

Risk in context 🎯

With a CVSS score of 4.7, this vulnerability is classified as medium severity. Although exploitation requires an authenticated account, the ability to read and modify data held by an internal service is a meaningful threat to the integrity of the data the affected system manages.

Fast facts ⚡

  • Vulnerability ID: CVE-2025-20223
  • Severity: Medium (CVSS 4.7)
  • Exploitation: Requires authenticated access
  • No workarounds available

For leadership 🧭

Organizations using Cisco Catalyst Center should prioritize upgrading to the fixed software version (2.3.7.7 or later) to mitigate the risk associated with this vulnerability. Regularly reviewing security advisories and ensuring that all systems are up to date is crucial for maintaining a secure network environment. For further guidance, consult the Cisco Technical Assistance Center (TAC) or your maintenance provider.
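The two checks described on this page (is Disaster Recovery enabled, and is the deployment running 2.3.7.7 or later) lend themselves to a quick inventory triage. The following is an added example written for this summary, not Cisco tooling or code from the advisory. It assumes a constructed inventory of Catalyst Center deployments with fields host, version and dr_enabled, and it treats any DR-enabled deployment below the 2.3.7.7 release named above as needing an upgrade; the authoritative affected-version ranges are those in Cisco's advisory.

```python
"""Triage a Catalyst Center inventory against CVE-2025-20223.

Added example, not Cisco's own code. Assumptions (labelled):
- Only deployments with Disaster Recovery (DR) enabled are affected, and
  2.3.7.7 is the fixed release, both as stated on this page. Any DR-enabled
  deployment below 2.3.7.7 is flagged for upgrade; check Cisco's advisory
  for the exact affected ranges.
- The inventory records and field names (host, version, dr_enabled) are
  constructed for this example.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

FIXED_RELEASE = "2.3.7.7"  # first fixed release named on the page

STATUS_UPGRADE = "upgrade required: DR enabled and below fixed release"
STATUS_FIXED = "fixed release or later"
STATUS_DR_OFF = "not affected: DR disabled"
STATUS_DR_OFF_OLD = "not affected: DR disabled, but upgrade before enabling DR"


@dataclass(frozen=True)
class Deployment:
    host: str
    version: str
    dr_enabled: bool


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.3.7.6' into (2, 3, 7, 6) so releases compare numerically.

    A plain string comparison would wrongly rank '2.3.7.10' below '2.3.7.7'.
    """
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(p) for p in parts)


def is_fixed(version: str, fixed: str = FIXED_RELEASE) -> bool:
    """True when the running release is at or above the fixed release.

    Shorter tuples are zero-padded so '2.3.7' compares as '2.3.7.0'.
    """
    a, b = parse_version(version), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


def classify(d: Deployment) -> str:
    """Map one deployment to an action status using the page's two criteria."""
    if not d.dr_enabled:
        # DR is off by default; the page says only DR-enabled deployments are
        # affected. Still note outdated ones so DR is not enabled before upgrading.
        return STATUS_DR_OFF if is_fixed(d.version) else STATUS_DR_OFF_OLD
    return STATUS_FIXED if is_fixed(d.version) else STATUS_UPGRADE


def triage(inventory: List[Deployment]) -> Dict[str, str]:
    """Return {host: status} for every deployment in the inventory."""
    return {d.host: classify(d) for d in inventory}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    Deployment("cc-dc1.example.net", "2.3.7.6", dr_enabled=True),
    Deployment("cc-dc2.example.net", "2.3.7.7", dr_enabled=True),
    Deployment("cc-dc3.example.net", "2.3.7.10", dr_enabled=True),
    Deployment("cc-lab.example.net", "2.3.5.3", dr_enabled=False),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:24} {status}")
```

The numeric version comparison is the part worth keeping: dotted release strings sort incorrectly as text, so a naive check would report a 2.3.7.10 deployment as still vulnerable.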