Cisco DNA Center Software API Vulnerabilities

Vulnerability

Multiple vulnerabilities exist in the API of Cisco DNA Center Software, as described in reference [1]. These include CVE-2023-20182 (command injection), CVE-2023-20183 (information disclosure), and CVE-2023-20184 itself (user enumeration). The flaws arise from insufficient validation of user-supplied input in API requests, allowing authenticated remote attackers to execute arbitrary commands in a restricted container as root, read restricted container information, or enumerate user information. All vulnerable versions of Cisco DNA Center Software prior to the fixed releases are affected [1].

Exploitation

An attacker must have valid authentication credentials to the Cisco DNA Center API; no additional privileges are required beyond that access. By crafting malicious API requests with specially crafted parameters, the attacker can trigger command injection, bypass container boundaries, or enumerate users. The vulnerabilities are independent, and exploitation of one does not require another [1].

Impact

Successful exploitation can lead to arbitrary command execution with root privileges within a restricted container, reading sensitive information from that container, or enumerating usernames on the system. This results in a compromise of confidentiality and integrity within the restricted container, potentially enabling further lateral movement or privilege escalation [1].

Mitigation

Cisco has released software updates that fix these vulnerabilities. As of the advisory publication, there are no workarounds. Users should upgrade to the latest patched version of Cisco DNA Center Software as specified in the Cisco Security Advisory [1].