Cisco DNA Center Unintended Proxy Via SWIM Import Interface Vulnerability
Description
A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending arbitrary HTTP requests to internal services. An exploit could allow the attacker to bypass any firewall or other protections to access unauthorized internal services. DNAC versions prior to 1.2.5 are affected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco DNA Center Software Image Management feature allows authenticated remote attackers to bypass firewall protections and access internal services due to insufficient input validation.
Vulnerability
The vulnerability resides in the Software Image Management (SWIM) feature of Cisco DNA Center. Due to insufficient validation of user-supplied input, an authenticated, remote attacker can send arbitrary HTTP requests to internal services. Cisco DNA Center versions prior to 1.2.5 are affected [1].
Exploitation
An attacker must have valid authentication credentials to the Cisco DNA Center web interface. By crafting malicious HTTP requests to the SWIM import interface, the attacker can force the device to proxy those requests to internal services that would otherwise be protected by firewalls or network segmentation. No additional user interaction is required [1].
Impact
Successful exploitation allows the attacker to bypass firewall protections and access unauthorized internal services. This could lead to information disclosure, further lateral movement, or compromise of internal systems. The attacker operates with the privileges of the authenticated user but gains access to services that should be restricted [1].
Mitigation
Cisco has released fixed software in Cisco DNA Center version 1.2.5. No workarounds are available. Users should upgrade to the fixed version to remediate the vulnerability [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <1.2.5
- Cisco/Cisco Digital Network Architecture Center (DNA Center)v5Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-swim-proxymitrevendor-advisoryx_refsource_CISCO
- www.securityfocus.com/bid/108084mitrevdb-entryx_refsource_BID
News mentions
0No linked articles in our index yet.