Cisco DNA Center Information Disclosure Vulnerability
Description
A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploit this vulnerability by accessing the audit logs through the CLI. A successful exploit could allow the attacker to retrieve sensitive information that includes user credentials.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco DNA Center audit logs store sensitive information in clear text, allowing authenticated local administrators to retrieve user credentials via CLI.
Vulnerability
The vulnerability resides in the audit log functionality of Cisco DNA Center. Due to unsecured logging, sensitive information including user credentials is stored in clear text. Affected versions are Cisco DNA Center releases 2.1.2, 2.2.2 (before 2.2.2.8), 2.2.3 (before 2.2.3.4), and 2.3.2 (before 2.3.2.01). Releases earlier than 2.1.2 are not vulnerable [1].
Exploitation
An attacker must have administrative privileges on the affected system. The attacker can access the audit logs through the CLI. No additional user interaction is required beyond authentication. The attacker can then view the clear-text sensitive information stored in the logs [1].
Impact
Successful exploitation allows the attacker to retrieve sensitive information, including user credentials. This results in information disclosure, potentially enabling further unauthorized access to the network or other systems. The attacker gains knowledge of credentials that could be used to compromise additional components [1].
Mitigation
Cisco has released fixed versions: 2.2.2.8, 2.2.3.4, and 2.3.2.01. Users should upgrade via the System Updates feature of Cisco DNA Center. For release 2.1.2, migration to a fixed release is required. No workaround is available. The advisory does not list this CVE on the Known Exploited Vulnerabilities (KEV) catalog [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Cisco/Cisco Digital Network Architecture Center (DNA Center)v5Range: n/a
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-info-disc-8QEynKEjmitrevendor-advisoryx_refsource_CISCO
News mentions
0No linked articles in our index yet.