Posts for: #Cisco Digital Network Architecture Center (DNA Center)

Cisco Catalyst Center Virtual Appliance Privilege Escalation Vulnerability

#Cisco  #Cisco Digital Network Architecture Center (DNA Center) 
🚨 SEVERITY: HIGH — CVSS 8.8 Security Advisory

TL;DR 📌

A privilege escalation vulnerability has been identified in the Cisco Catalyst Center Virtual Appliance, allowing authenticated attackers to elevate their privileges to Administrator. The highest CVSS score for this vulnerability is 8.8, categorized as High severity. No workarounds are available, but fixed software releases are provided.

What happened 🕵️‍♂️

A vulnerability in the Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate their privileges to Administrator on an affected system. This issue arises from insufficient validation of user-supplied input. An attacker with valid credentials for a user account with at least the Observer role could exploit this vulnerability by sending a crafted HTTP request, potentially allowing unauthorized modifications to the system.

[]

Cisco Catalyst Center REST API Command Injection Vulnerability

#Cisco  #Cisco Digital Network Architecture Center (DNA Center) 
🚨 SEVERITY: MEDIUM — CVSS 6.3 Security Advisory

TL;DR 📌

A command injection vulnerability has been identified in the Cisco Catalyst Center REST API, allowing authenticated attackers to execute arbitrary commands with root privileges. The highest CVSS score for this vulnerability is 6.3 (Medium). No workarounds are available, but fixed software is provided.

What happened 🕵️‍♂️

A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This issue arises from insufficient validation of user-supplied input in REST API request parameters. An attacker must have valid credentials for a user account with at least the role of Observer to exploit this vulnerability.

[]

Cisco Catalyst Center Cross-Site Scripting Vulnerability

#Cisco  #Cisco Digital Network Architecture Center (DNA Center) 
🚨 SEVERITY: MEDIUM — CVSS 6.1 Security Advisory

TL;DR 📌

A cross-site scripting (XSS) vulnerability has been identified in the web-based management interface of Cisco Catalyst Center. This vulnerability could allow an unauthenticated remote attacker to execute arbitrary script code in the context of the affected interface. Cisco has released fixed software to address this issue, but there are no workarounds available.

What happened 🕵️‍♂️

A vulnerability in the Cisco Catalyst Center’s web-based management interface allows an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. This is due to insufficient validation of user input, enabling an attacker to exploit the vulnerability by persuading a user to click a crafted link. A successful exploit could lead to the execution of arbitrary script code or access to sensitive browser-based information.

[]

Cisco Catalyst Center Privilege Escalation Vulnerability

#Cisco  #Cisco Digital Network Architecture Center (DNA Center) 
🚨 SEVERITY: MEDIUM — CVSS 4.3 Security Advisory

TL;DR 📌

A privilege escalation vulnerability has been identified in Cisco Catalyst Center, allowing authenticated users to perform actions requiring Administrator privileges. The highest CVSS score is 4.3 (Medium). Users are advised to upgrade to fixed software releases as there are no workarounds available.

What happened 🕵️‍♂️

A vulnerability in Cisco Catalyst Center could enable an authenticated, remote attacker to execute operations that should be restricted to Administrator privileges. This issue arises from improper role-based access control (RBAC). An attacker with valid read-only user credentials could exploit this vulnerability by logging in and modifying certain policy configurations reserved for the Administrator role.

[]

Cisco Catalyst Center Virtual Appliance HTTP Open Redirect Vulnerability

#Cisco  #Cisco Digital Network Architecture Center (DNA Center) 
🚨 SEVERITY: MEDIUM — CVSS 4.7 Security Advisory

TL;DR 📌

A medium-severity HTTP open redirect vulnerability has been identified in the Cisco Catalyst Center Virtual Appliance. This flaw could allow unauthenticated attackers to redirect users to malicious web pages. Cisco has released fixed software versions, but there are no workarounds available.

What happened 🕵️‍♂️

A vulnerability in the web-based management interface of the Cisco Catalyst Center Virtual Appliance has been discovered. This issue arises from improper input validation of HTTP request parameters, enabling an unauthenticated remote attacker to intercept and modify HTTP requests. If exploited, this could redirect users to malicious web pages, posing a security risk.

[]

Cisco Catalyst Center Unauthenticated API Access Vulnerability

#Cisco  #Cisco Digital Network Architecture Center (DNA Center) 
🚨 SEVERITY: HIGH — CVSS 7.3 Security Advisory

TL;DR 📌

A high-severity vulnerability has been identified in the Cisco Catalyst Center, allowing unauthenticated remote attackers to read and modify proxy configuration settings via an unprotected API endpoint. This could disrupt internet traffic or allow interception of outbound traffic. Users are advised to upgrade to fixed software version 2.3.7.9 or later.

What happened 🕵️‍♂️

A vulnerability in the management API of Cisco Catalyst Center (formerly Cisco DNA Center) has been discovered. This issue stems from a lack of authentication on an API endpoint, enabling unauthenticated remote attackers to send requests that could read or modify the outgoing proxy configuration. Such exploitation could disrupt internet traffic or allow attackers to intercept outbound traffic.

[]