Cisco DNA Center Privilege Escalation Vulnerability
Description
A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit this vulnerability by authenticating as a user with an Observer role and executing commands on the affected device. A successful exploit could allow a user with the Observer role to execute commands to view diagnostic information of the devices that Cisco DNA Center manages.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An authenticated attacker with the Observer role on Cisco DNA Center can view diagnostic information because of improper role enforcement.
Vulnerability
A privilege escalation vulnerability exists in the user management roles of Cisco DNA Center. Due to improper enforcement of actions for assigned user roles, an authenticated attacker with the Observer role can execute commands to view diagnostic information. Versions prior to 2.1.1.0, 2.1.2.0, 2.1.2.3, and 2.1.2.4 are affected [1].
Exploitation
An attacker must authenticate to the Cisco DNA Center with a user account that has been assigned the Observer role. Once authenticated, the attacker can execute commands that normally require higher privileges, allowing them to view diagnostic information of managed devices [1].
Impact
Successful exploitation allows an attacker with the Observer role to access diagnostic information that should be restricted. This results in unauthorized disclosure of sensitive information about the managed network devices, violating confidentiality [1].
Mitigation
Cisco has addressed this vulnerability in software releases 2.1.1.0, 2.1.2.0, 2.1.2.3, and 2.1.2.4 and later. Users should upgrade to one of these fixed versions [1]. No workarounds are available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Cisco/Cisco Digital Network Architecture Center (DNA Center), v5, Range: n/a
Patches
No patches discovered yet.
References
[1] tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-privesc-6qjA3hVh (mitre, vendor-advisory, x_refsource_CISCO)