cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-20350,https://securityvulnerability.io/vulnerability/CVE-2024-20350,Unsuspecting SSH Attacks on Cisco Catalyst Center,"A vulnerability exists in the SSH server of Cisco Catalyst Center that enables an unauthenticated remote attacker to impersonate the appliance. This issue arises from a static SSH host key, which makes it susceptible to machine-in-the-middle attacks. Attackers exploiting this vulnerability can intercept and manipulate traffic between SSH clients and the Cisco Catalyst Center. Consequently, they could impersonate the device, inject unauthorized commands into terminal sessions, and potentially compromise valid user credentials.",Cisco,Cisco Digital Network Architecture Center (dna Center),7.5,HIGH,0.0004299999854993075,false,,false,false,true,2024-09-27T04:15:02.000Z,,false,false,,2024-09-25T17:15:00.000Z,0
CVE-2024-20333,https://securityvulnerability.io/vulnerability/CVE-2024-20333,Cisco Catalyst Center Vulnerability: Authenticated Attackers Can Modify Data,"A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device.
A successful exploit could allow the attacker to change a specific field within the web-based management interface, even though they should not have access to change that field.",Cisco,Cisco Digital Network Architecture Center (dna Center),4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-27T16:43:33.371Z,0
CVE-2023-20223,https://securityvulnerability.io/vulnerability/CVE-2023-20223,Access Control Issues Found in Cisco DNA Center,"A vulnerability in Cisco DNA Center enables an unauthenticated remote attacker to read and modify sensitive data from an internal service on affected devices. This issue stems from inadequate enforcement of access controls on API requests. An attacker could exploit this flaw by sending specifically crafted API requests to the device, potentially allowing them to gain unauthorized access and manipulate critical data within the repository.",Cisco,Cisco Digital Network Architecture Center (DNA Center),8.2,HIGH,0.0014400000218302011,false,,false,false,false,,,false,false,,2023-09-27T18:15:00.000Z,0
CVE-2023-20183,https://securityvulnerability.io/vulnerability/CVE-2023-20183,Cisco DNA Center Software API Vulnerabilities,"Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user.
For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Digital Network Architecture Center (dna Center),5.4,MEDIUM,0.0006099999882280827,false,,false,false,true,2024-10-25T17:15:16.000Z,,false,false,,2023-05-18T03:15:00.000Z,0
CVE-2023-20182,https://securityvulnerability.io/vulnerability/CVE-2023-20182,Cisco DNA Center Software API Vulnerabilities,"Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Digital Network Architecture Center (dna Center),5.4,MEDIUM,0.0019199999514967203,false,,false,false,true,2024-10-25T17:15:16.000Z,,false,false,,2023-05-18T03:15:00.000Z,0
CVE-2023-20184,https://securityvulnerability.io/vulnerability/CVE-2023-20184,Cisco DNA Center Software API Vulnerabilities,"Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Digital Network Architecture Center (dna Center),5.4,MEDIUM,0.0006099999882280827,false,,false,false,true,2024-10-25T16:15:12.000Z,,false,false,,2023-05-18T03:15:00.000Z,0
CVE-2023-20055,https://securityvulnerability.io/vulnerability/CVE-2023-20055,Cisco DNA Center Privilege Escalation Vulnerability,"A security flaw in the management API of Cisco DNA Center enables authenticated, remote attackers to escalate their privileges within the web-based management interface. This issue arises from the unintended disclosure of sensitive information.
By examining the API responses, an attacker who possesses valid Observer credentials can potentially gain access to the API with higher-level user account privileges. As a result, this vulnerability could facilitate unauthorized actions or access within the Cisco DNA Center environment.",Cisco,Cisco Digital Network Architecture Center (dna Center),8,HIGH,0.0012600000482052565,false,,false,false,true,2024-10-28T17:15:05.000Z,,false,false,,2023-03-23T00:00:00.000Z,0
CVE-2023-20059,https://securityvulnerability.io/vulnerability/CVE-2023-20059,Cisco DNA Center Information Disclosure Vulnerability,"A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper role-based access control (RBAC) with the integration of PnP. An attacker could exploit this vulnerability by authenticating to the device and sending a query to an internal API. A successful exploit could allow the attacker to view sensitive information in clear text, which could include configuration files.",Cisco,Cisco Digital Network Architecture Center (dna Center),4.3,MEDIUM,0.0008999999845400453,false,,false,false,true,2024-10-25T17:15:13.000Z,,false,false,,2023-03-23T00:00:00.000Z,0
CVE-2022-20630,https://securityvulnerability.io/vulnerability/CVE-2022-20630,Cisco DNA Center Information Disclosure Vulnerability,"A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploit this vulnerability by accessing the audit logs through the CLI.
A successful exploit could allow the attacker to retrieve sensitive information that includes user credentials.",Cisco,Cisco Digital Network Architecture Center (dna Center),4.4,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-03T03:15:34.000Z,,false,false,,2022-02-10T18:15:00.000Z,0
CVE-2021-34782,https://securityvulnerability.io/vulnerability/CVE-2021-34782,Cisco DNA Center Information Disclosure Vulnerability,"A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An attacker could exploit the vulnerability by sending a specific API request to an affected application. A successful exploit could allow the attacker to obtain sensitive information about other users who are configured with higher privileges on the application.",Cisco,Cisco Digital Network Architecture Center (dna Center),4.3,MEDIUM,0.0007300000288523734,false,,false,false,true,2024-08-04T02:15:24.000Z,,false,false,,2021-10-06T00:00:00.000Z,0
CVE-2021-1134,https://securityvulnerability.io/vulnerability/CVE-2021-1134,Cisco DNA Center Certificate Validation Vulnerability,"A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509 certificate used when establishing a connection between DNA Center and an ISE server. An attacker could exploit this vulnerability by supplying a crafted certificate and could then intercept communications between the ISE and DNA Center.
A successful exploit could allow the attacker to view and alter sensitive information that the ISE maintains about clients that are connected to the network.",Cisco,Cisco Digital Network Architecture Center (dna Center),7.4,HIGH,0.002400000113993883,false,,false,false,true,2024-08-03T17:15:40.000Z,,false,false,,2021-06-29T03:15:00.000Z,0
CVE-2021-1265,https://securityvulnerability.io/vulnerability/CVE-2021-1265,Cisco DNA Center Information Disclosure Vulnerability,"A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being stored in clear text, which can be retrieved by various API calls. An attacker could exploit this vulnerability by authenticating to the device and executing a series of API calls. A successful exploit could allow the attacker to retrieve the full unmasked running configurations of managed devices.",Cisco,Cisco Digital Network Architecture Center (dna Center),7.7,HIGH,0.0010600000387057662,false,,false,false,true,2024-08-03T17:15:47.000Z,,false,false,,2021-01-20T00:00:00.000Z,0
CVE-2021-1303,https://securityvulnerability.io/vulnerability/CVE-2021-1303,Cisco DNA Center Privilege Escalation Vulnerability,"A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit this vulnerability by authenticating as a user with an Observer role and executing commands on the affected device.
A successful exploit could allow a user with the Observer role to execute commands to view diagnostic information of the devices that Cisco DNA Center manages.",Cisco,Cisco Digital Network Architecture Center (dna Center),4.3,MEDIUM,0.007840000092983246,false,,false,false,true,2024-08-03T17:15:49.000Z,,false,false,,2021-01-20T00:00:00.000Z,0
CVE-2021-1257,https://securityvulnerability.io/vulnerability/CVE-2021-1257,Cisco DNA Center Cross-Site Request Forgery Vulnerability,"A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user's session, and executing Command Runner commands.",Cisco,Cisco Digital Network Architecture Center (dna Center),7.1,HIGH,0.00139999995008111,false,,false,false,true,2024-08-03T17:15:47.000Z,,false,false,,2021-01-20T00:00:00.000Z,0
CVE-2021-1264,https://securityvulnerability.io/vulnerability/CVE-2021-1264,Cisco DNA Center Command Runner Command Injection Vulnerability,"A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability by providing crafted input during command execution or via a crafted command runner API call.
A successful exploit could allow the attacker to execute arbitrary CLI commands on devices managed by Cisco DNA Center.",Cisco,Cisco Digital Network Architecture Center (dna Center),9.6,CRITICAL,0.0018899999558925629,false,,false,false,true,2024-08-03T17:15:47.000Z,,false,false,,2021-01-20T00:00:00.000Z,0
CVE-2021-1130,https://securityvulnerability.io/vulnerability/CVE-2021-1130,Cisco DNA Center Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need to have administrative credentials on the affected device.",Cisco,Cisco Digital Network Architecture Center (dna Center),4.8,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-08-03T17:15:40.000Z,,false,false,,2021-01-13T00:00:00.000Z,0
CVE-2020-3466,https://securityvulnerability.io/vulnerability/CVE-2020-3466,Cisco DNA Center Cross-Site Scripting Vulnerabilities,"Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerabilities exist because the web-based management interface on an affected device does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link.
A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,Cisco Digital Network Architecture Center (dna Center),4.7,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-04T08:16:41.000Z,,false,false,,2020-08-26T17:15:00.000Z,0
CVE-2020-3411,https://securityvulnerability.io/vulnerability/CVE-2020-3411,Cisco DNA Center Information Disclosure Vulnerability,"A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files.",Cisco,Cisco Digital Network Architecture Center (dna Center),7.5,HIGH,0.001560000004246831,false,,false,false,true,2024-08-04T08:16:39.000Z,,false,false,,2020-08-17T18:15:00.000Z,0
CVE-2020-3391,https://securityvulnerability.io/vulnerability/CVE-2020-3391,Cisco Digital Network Architecture Center Information Disclosure Vulnerability,"A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to insecure storage of certain unencrypted credentials on an affected device. An attacker could exploit this vulnerability by viewing the network device configuration and obtaining credentials that they may not normally have access to.
A successful exploit could allow the attacker to use those credentials to discover and manage network devices.",Cisco,Cisco Digital Network Architecture Center (dna Center),6.5,MEDIUM,0.001500000013038516,false,,false,false,true,2024-08-04T08:16:38.000Z,,false,false,,2020-07-02T05:15:00.000Z,0
CVE-2020-3281,https://securityvulnerability.io/vulnerability/CVE-2020-3281,Cisco Digital Network Architecture Center Information Disclosure Vulnerability,"A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.",Cisco,Cisco Digital Network Architecture Center (dna Center),4.3,MEDIUM,0.0027000000700354576,false,,false,false,true,2024-08-04T08:16:33.000Z,,false,false,,2020-06-03T00:00:00.000Z,0
CVE-2019-15253,https://securityvulnerability.io/vulnerability/CVE-2019-15253,Cisco Digital Network Architecture Center Stored Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
To exploit this vulnerability, the attacker needs administrator credentials. This vulnerability affects Cisco DNA Center Software releases earlier than 1.3.0.6 and 1.3.1.4.",Cisco,Cisco Digital Network Architecture Center (dna Center),5.4,MEDIUM,0.0036299999337643385,false,,false,false,true,2024-08-05T02:15:28.000Z,,false,false,,2020-02-05T00:00:00.000Z,0
CVE-2019-1848,https://securityvulnerability.io/vulnerability/CVE-2019-1848,Cisco DNA Center Authentication Bypass Vulnerability,"A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could exploit this vulnerability by connecting an unauthorized network device to the subnet designated for cluster services. A successful exploit could allow an attacker to reach internal services that are not hardened for external access.",Cisco,Cisco Digital Network Architecture Center (dna Center),9.3,CRITICAL,0.0005699999746866524,false,,false,false,true,2024-08-04T19:16:13.000Z,,false,false,,2019-06-20T03:15:00.000Z,0
CVE-2019-1841,https://securityvulnerability.io/vulnerability/CVE-2019-1841,Cisco DNA Center Unintended Proxy Via SWIM Import Interface Vulnerability,"A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending arbitrary HTTP requests to internal services. An exploit could allow the attacker to bypass any firewall or other protections to access unauthorized internal services.
DNAC versions prior to 1.2.5 are affected.",Cisco,Cisco Digital Network Architecture Center (dna Center),6.5,MEDIUM,0.0012700000079348683,false,,false,false,true,2024-08-04T19:16:13.000Z,,false,false,,2019-04-18T02:29:00.000Z,0
CVE-2019-1707,https://securityvulnerability.io/vulnerability/CVE-2019-1707,Cisco DNA Center Access Contract Stored Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco DNA Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco DNA Center versions prior to 1.2.5 are affected.",Cisco,Cisco Digital Network Architecture Center (dna Center),5.4,MEDIUM,0.0005499999970197678,false,,false,false,true,2024-08-04T19:16:05.000Z,,false,false,,2019-03-11T21:29:00.000Z,0
CVE-2018-0448,https://securityvulnerability.io/vulnerability/CVE-2018-0448,Cisco Digital Network Architecture Center Authentication Bypass Vulnerability,"A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient security restrictions for critical management functions. An attacker could exploit this vulnerability by sending a valid identity management request to the affected system.
An exploit could allow the attacker to view and make unauthorized modifications to existing system users as well as create new users.",Cisco,Cisco Digital Network Architecture Center (dna Center),9.8,CRITICAL,0.0026000000070780516,false,,false,false,false,,,false,false,,2018-10-05T14:29:00.000Z,0