Cisco Digital Network Architecture Center Information Disclosure Vulnerability
Description
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to insecure storage of certain unencrypted credentials on an affected device. An attacker could exploit this vulnerability by viewing the network device configuration and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco DNA Center stores unencrypted credentials in device configuration, allowing authenticated remote attackers to view sensitive information.
Vulnerability
A vulnerability in Cisco Digital Network Architecture (DNA) Center allows an authenticated, remote attacker to view sensitive information in clear text. The bug stems from insecure storage of certain unencrypted credentials on affected devices [1]. Cisco DNA Center releases earlier than Release 1.2.10 are vulnerable [1].
Exploitation
An attacker must first authenticate to the affected Cisco DNA Center web interface. Once authenticated, they can view the network device configuration and obtain credentials that they would not normally have access to [1]. No additional privileges, race conditions, or user interaction beyond standard authenticated access are required.
Impact
A successful exploit allows the attacker to discover and manage network devices using the obtained credentials [1]. This can lead to unauthorized information disclosure and potential compromise of network infrastructure managed by DNA Center.
Mitigation
Cisco has released software updates to address this vulnerability in Cisco DNA Center Release 1.2.10 and later [1]. There are no workarounds that address this vulnerability [1]. Users should upgrade to a fixed version as soon as possible.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: n/a
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-info-disc-6xsCyDYymitrevendor-advisoryx_refsource_CISCO
News mentions
0No linked articles in our index yet.