Cisco Catalyst Center Virtual Appliance Privilege Escalation Vulnerability
TL;DR 📌
A privilege escalation vulnerability has been identified in the Cisco Catalyst Center Virtual Appliance, allowing authenticated attackers to elevate their privileges to Administrator. The highest CVSS score for this vulnerability is 8.8, categorized as High severity. No workarounds are available, but fixed software releases are provided.
What happened 🕵️♂️
A vulnerability in the Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate their privileges to Administrator on an affected system. This issue arises from insufficient validation of user-supplied input. An attacker with valid credentials for a user account with at least the Observer role could exploit this vulnerability by sending a crafted HTTP request, potentially allowing unauthorized modifications to the system.
Affected products 🖥️
The vulnerability affects the Cisco Catalyst Center Virtual Appliance running on VMware ESXi, regardless of device configuration. Notably, it does not impact Catalyst Center hardware appliances or the Catalyst Center Virtual Appliance on Amazon Web Services (AWS).
Fixed software 🔧
Upgrade to the first fixed release in your train (or later):
| Release / Product | First Fixed Release | Notes |
|---|---|---|
| 3.1 | Not vulnerable | |
| 1.0 | Initial public release. | |
| Cisco Catalyst Center | 2.3.7.10-VA | 2.3.7.3-VA and later |
Workarounds 🧯
There are no workarounds available to mitigate this vulnerability.
Risk in context 🎯
With a CVSS score of 8.8, this vulnerability poses a significant risk. The requirement for valid credentials limits exposure to authenticated users, but the potential for privilege escalation could lead to serious unauthorized system modifications.
Fast facts ⚡
- Vulnerability ID: CVE-2025-20341
- Severity: High (CVSS 8.8)
- Exploitation: Requires valid user credentials
- Impact: Unauthorized modifications, including privilege escalation
For leadership 🧭
This vulnerability presents a High risk (CVSS 8.8) due to the potential for authenticated users to escalate privileges to Administrator, which could lead to unauthorized system modifications. The exposure is limited to authenticated users, but the impact on system integrity is significant. Immediate remediation is necessary, with a recommendation to patch within 7 days as fixed releases are available. Operationally, the patching process should involve a brief maintenance window with no expected configuration drift.
Now: Review affected systems and identify users with Observer roles.
Next: Schedule and apply the necessary software updates to mitigate the vulnerability.
Later: Monitor for any unusual activity and reassess user roles and permissions to enhance security.