CVE-2023-20055

HIGH 8.0

Cisco DNA Center Privilege Escalation Vulnerability

CVSS Score

8.0

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive information. An attacker could exploit this vulnerability by inspecting the responses from the API. Under certain circumstances, a successful exploit could allow the attacker to access the API with the privileges of a higher-level user account. To successfully exploit this vulnerability, the attacker would need at least valid Observer credentials.

CWE	CWE-200
Vendor	cisco
Product	cisco digital network architecture center (dna center)
Ecosystems	Networking
Industries	NetworkingTelecommunications
Published	Mar 23, 2023
Last Updated	Oct 28, 2024

Stay Ahead of the Next One

Get instant alerts for cisco cisco digital network architecture center (dna center)

Be the first to know when new high vulnerabilities affecting cisco cisco digital network architecture center (dna center) are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Cisco / Cisco Digital Network Architecture Center (DNA Center)

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

sec.cloudapps.cisco.com: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-privesc-QFXe74RS