VYPR · NVD Advisory · Severity: Unrated · Published Mar 23, 2023 · Updated Oct 28, 2024

Cisco DNA Center Privilege Escalation Vulnerability

CVE-2023-20055

Description

A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive information. An attacker could exploit this vulnerability by inspecting the responses from the API. Under certain circumstances, a successful exploit could allow the attacker to access the API with the privileges of a higher-level user account. To successfully exploit this vulnerability, the attacker would need at least valid Observer credentials.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An authenticated, remote attacker with Observer credentials can exploit an information disclosure flaw in Cisco DNA Center's management API to elevate privileges.

Vulnerability

A vulnerability in the management API of Cisco DNA Center allows an authenticated, remote attacker to elevate privileges in the context of the web-based management interface. This flaw is due to the unintended exposure of sensitive information in API responses. Affected versions are those prior to the fixed release; Cisco recommends consulting the advisory for exact version details [1].

Exploitation

An attacker must have at least valid Observer credentials to authenticate to the management API. By inspecting responses from the API, the attacker can obtain sensitive information that enables privilege escalation [1]. No additional user interaction is required beyond authentication with Observer-level credentials.

Impact

Successful exploitation allows the attacker to access the API with the privileges of a higher-level user account, leading to unauthorized elevation of privileges within the management interface. This could result in broader control over the Cisco DNA Center device [1].

Mitigation

Cisco has released free software updates to address this vulnerability. Customers with service contracts should obtain fixes through their usual update channels. The advisory provides details on fixed versions and workarounds [1]. If no fix can be applied, restrict API access to trusted users only.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
