Cisco Digital Network Architecture Center (DNA Center)

🚨 SEVERITY: HIGH — CVSS 7.3 Security Advisory

TL;DR 📌

A high-severity vulnerability has been identified in the Cisco Catalyst Center, allowing unauthenticated remote attackers to read and modify proxy configuration settings via an unprotected API endpoint. This could disrupt internet traffic or allow interception of outbound traffic. Users are advised to upgrade to fixed software version 2.3.7.9 or later.

What happened 🕵️‍♂️

A vulnerability in the management API of Cisco Catalyst Center (formerly Cisco DNA Center) has been discovered. This issue stems from a lack of authentication on an API endpoint, enabling unauthenticated remote attackers to send requests that could read or modify the outgoing proxy configuration. Such exploitation could disrupt internet traffic or allow attackers to intercept outbound traffic.

Posts for: #Cisco Digital Network Architecture Center (DNA Center)

Cisco Catalyst Center Unauthenticated API Access Vulnerability

TL;DR 📌

What happened 🕵️‍♂️