Cisco Catalyst Center REST API Command Injection Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 6.3 Security Advisory

TL;DR 📌

A command injection vulnerability has been identified in the REST API of Cisco Catalyst Center. An authenticated, remote attacker holding credentials for any account with at least the Observer role can execute arbitrary commands as the root user inside a restricted container on the appliance. The CVSS base score is 6.3 (Medium). No workarounds are available; fixed software is.

What happened 🕵️‍♂️

A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This issue arises from insufficient validation of user-supplied input in REST API request parameters. An attacker must have valid credentials for a user account with at least the role of Observer to exploit this vulnerability.
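The bug class described above, as an added illustration that is not Cisco's code and says nothing about where the real flaw sits: a REST handler takes a "host" request parameter and builds a diagnostic command from it. The vulnerable form splices the parameter into a shell string; the hardened form validates it against the expected type and passes an argv list so no shell parses it. The handler names and the ping command are assumptions for the example.

```python
import ipaddress
import re
import subprocess

# Illustration of the bug class only: this is not Cisco's code and says
# nothing about where the real flaw sits. It models a REST handler that
# takes a "host" request parameter and turns it into a diagnostic command.

HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def build_ping_command_vulnerable(host: str) -> str:
    """Insufficient validation: the parameter is spliced into a shell
    string. A value such as '10.0.0.1; id' appends a second command, and
    whatever user the handler runs as (root, per the advisory) executes it."""
    return f"ping -c 1 {host}"


def validate_host(host: str) -> bool:
    """Positive validation: accept only an IP literal or a strict hostname.
    Shell metacharacters, whitespace and a leading '-' (which ping would
    parse as an option) all fail this check."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    return bool(HOSTNAME_RE.match(host))


def build_ping_command_hardened(host: str) -> list[str]:
    """Hardened form: validate first, then return an argv list so the value
    stays a single argument and no shell ever interprets it."""
    if not validate_host(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    return ["ping", "-c", "1", host]


def run_ping(host: str) -> subprocess.CompletedProcess:
    # shell=False (the default): the argv list is handed straight to execve.
    return subprocess.run(build_ping_command_hardened(host),
                          capture_output=True, text=True, check=False)


if __name__ == "__main__":
    injected = "10.0.0.1; id"  # constructed attacker input
    print("vulnerable would run:", build_ping_command_vulnerable(injected))
    print("hardened accepts 10.0.0.1:", validate_host("10.0.0.1"))
    print("hardened rejects injected:", validate_host(injected))
```

The point of the hardened form is the pairing: an allow-list check on the parameter plus an argv list. Quoting alone (shlex.quote) would stop the shell from splitting the value but still leaves option injection and any later shell hop unaddressed.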

Affected products 🖥️

The vulnerability affects both virtual and hardware appliances of Cisco Catalyst Center, regardless of device configuration. Specifically, the following software releases are impacted:

  • Cisco Catalyst Center Release 2.3.7 and earlier

Fixed software 🔧

Upgrade to the first fixed release in your train (or later):

Cisco Catalyst Center Release    First Fixed Release
2.3.7 and earlier                2.3.7.10
3.1                              Not affected

Advisory revision 1.0: initial public release.
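A triage helper that applies the fixed-software table above to release strings collected from appliances, added here as an example rather than a Cisco tool. The table values come from the advisory; the inventory is constructed sample data, and the "-<build>" suffix form of the release string is an assumption. Releases the table does not speak to (for example anything between 2.3.7 and 3.1) are flagged rather than guessed.

```python
import re
from typing import NamedTuple

# Added triage helper, not a Cisco tool. It applies the advisory's
# fixed-software table to release strings collected from appliances.
# Table values are from the advisory; the inventory below is constructed
# sample data, and the "-<build>" suffix format is assumed.

FIRST_FIXED_2_3_7 = (2, 3, 7, 10)   # first fixed release on the 2.3.7 train
NOT_AFFECTED_FROM = (3, 1)          # advisory lists 3.1 as not affected


class Verdict(NamedTuple):
    status: str   # "affected" | "fixed" | "not_affected" | "not_listed"
    action: str


def parse_release(text: str) -> tuple[int, ...]:
    """Keep the leading dotted-numeric part: '2.3.7.6-70375' -> (2, 3, 7, 6)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable release string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def assess(release: str) -> Verdict:
    v = parse_release(release)
    if v[:2] >= NOT_AFFECTED_FROM:
        return Verdict("not_affected", "no action per advisory")
    if v < FIRST_FIXED_2_3_7:
        # "2.3.7 and earlier": everything below the first fixed build
        return Verdict("affected", "upgrade to 2.3.7.10 or later")
    if v[:3] == FIRST_FIXED_2_3_7[:3]:
        return Verdict("fixed", "already at or above 2.3.7.10")
    # e.g. a 2.3.8 release: the advisory table does not cover it
    return Verdict("not_listed", "not in the advisory table; verify with the vendor")


def triage(inventory: dict[str, str]) -> dict[str, Verdict]:
    """inventory maps appliance name -> release string as reported by the appliance."""
    return {name: assess(rel) for name, rel in inventory.items()}


SAMPLE_INVENTORY = {      # constructed sample data
    "catc-dc1": "2.3.7.6-70375",
    "catc-dc2": "2.3.7.10-70123",
    "catc-lab": "2.3.5.3",
    "catc-new": "3.1.0.0",
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{name:10} {verdict.status:13} {verdict.action}")
```

Tuple comparison does the work: a shorter prefix such as (2, 3, 7) sorts below (2, 3, 7, 10), which is exactly the "2.3.7 and earlier" semantics the table expresses.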

Workarounds 🧯

There are no workarounds that address this vulnerability.

Risk in context 🎯

With a CVSS base score of 6.3, the vulnerability is rated Medium, largely because it needs valid credentials and the resulting shell is root inside a restricted container rather than on the appliance host. Two points keep it significant in practice: Observer is the least-privileged, read-only role, so any account that can call the REST API (including integration and monitoring accounts) meets the bar, and root inside a container on the network management platform is still a foothold worth escalating from. Organizations should prioritize upgrading to the fixed software; no configuration change closes the issue.

Fast facts ⚡

  • Vulnerability: Command injection in Cisco Catalyst Center REST API
  • CVSS Score: 6.3 (Medium)
  • Exploitation: Requires authenticated access
  • Workarounds: None available
  • Fixed Release: 2.3.7.10

For leadership 🧭

This advisory covers a Medium risk vulnerability in the Cisco Catalyst Center REST API that lets an authenticated attacker run arbitrary commands as root inside a restricted container on the appliance. Exploitation requires valid credentials, but the least-privileged (Observer) account suffices, and the potential impact on the network management platform is significant.

Remediation ask: Upgrade to the fixed software release (2.3.7.10) within 7 days to mitigate risk.

Operational impact: Plan a maintenance window for the appliance upgrade; the fix is a software update only and requires no configuration changes.

Now / Next / Later:

  • Now: Inventory Catalyst Center appliances (virtual and hardware) and their release versions, and list every account with REST API access, including integration and service accounts, since the Observer role is enough.
  • Next: Schedule and implement the upgrade to 2.3.7.10 or later.
  • Later: Monitor REST API access logs for unexpected callers, remove accounts that are no longer needed and reassess user access policies.

No public exploitation has been reported, but immediate action is recommended to prevent potential future risks.