Cisco Catalyst Center Unauthenticated API Access Vulnerability
TL;DR 📌
A high-severity vulnerability has been identified in the Cisco Catalyst Center, allowing unauthenticated remote attackers to read and modify proxy configuration settings via an unprotected API endpoint. This could disrupt internet traffic or allow interception of outbound traffic. Users are advised to upgrade to fixed software version 2.3.7.9 or later.
What happened 🕵️♂️
A vulnerability in the management API of Cisco Catalyst Center (formerly Cisco DNA Center) has been discovered. This issue stems from a lack of authentication on an API endpoint, enabling unauthenticated remote attackers to send requests that could read or modify the outgoing proxy configuration. Such exploitation could disrupt internet traffic or allow attackers to intercept outbound traffic.
Affected products 🖥️
The vulnerability affects all versions of Cisco Catalyst Center, regardless of device configuration.
Fixed software 🔧
Upgrade to the first fixed release in your train (or later):
| Release / Product | First Fixed Release | Notes |
|---|---|---|
| 1.0 | Initial public release. | |
| Cisco Catalyst Center | 2.3.7.9 | Earlier than 2.3.7.9 |
Workarounds 🧯
There are no workarounds available to address this vulnerability.
Risk in context 🎯
With a CVSS score of 7.3, this vulnerability is rated as High. The risk is significant due to its potential for exploitation by unauthenticated attackers, which could lead to unauthorized access to sensitive configuration settings. Organizations using affected products should prioritize applying the available software updates to reduce exposure.
Fast facts ⚡
- Vulnerability ID: CVE-2025-20210
- CVSS Score: 7.3 (High)
- Exploitation Potential: Unauthenticated remote access
- Impact: Possible disruption of internet traffic and interception of outbound traffic
- Fixed Release: 2.3.7.9
For leadership 🧭
This vulnerability poses a High risk due to its CVSS score of 7.3. It allows unauthenticated remote attackers to access and modify proxy settings, potentially disrupting internet traffic and enabling data interception. The exposure is significant as it does not require authentication and can be exploited remotely.
Remediation ask: Patch affected systems within 7 days to mitigate risks.
Operational impact: Expect a brief maintenance window with no configuration drift.
Now / Next / Later:
- Now: Review affected systems and plan for immediate upgrades.
- Next: Apply the software update to version 2.3.7.9 or later.
- Later: Monitor for any signs of exploitation or unusual activity related to this vulnerability.