Cisco DNA Center Information Disclosure Vulnerability
Description
A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper role-based access control (RBAC) with the integration of PnP. An attacker could exploit this vulnerability by authenticating to the device and sending a query to an internal API. A successful exploit could allow the attacker to view sensitive information in clear text, which could include configuration files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An authenticated, low-privileged attacker can read sensitive configuration files in clear text via the Cisco DNA Center PnP agent due to improper RBAC.
Vulnerability
A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center allows an authenticated, remote attacker to view sensitive information in clear text. The flaw is due to improper role-based access control (RBAC) with the integration of PnP [1]. Affected versions include Cisco DNA Center Software releases 2.3.2 and earlier, 2.3.3 (fixed in 2.3.3.7), 2.3.4, and 2.3.5 (fixed in 2.3.5.0) [1].
Exploitation
An attacker must have valid low-privileged user credentials and network access to the device. The attacker can exploit the vulnerability by authenticating to the device and sending a crafted query to an internal API [1]. No additional privileges or user interaction beyond authentication are required.
Impact
A successful exploit allows the attacker to view sensitive information in clear text, which may include configuration files [1]. This is a confidentiality impact that could expose network topology, credentials, or other secrets contained in configuration data.
Mitigation
Cisco has released fixed versions: 2.3.3.7 for the 2.3.3 train and 2.3.5.0 for the 2.3.5 train. Users on 2.3.2 and earlier or 2.3.4 should migrate to a fixed release by using the System Updates feature of Cisco DNA Center [1]. No workarounds are documented; upgrading is required.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Cisco/Cisco Digital Network Architecture Center (DNA Center)v5Range: n/a
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.