Digital Network Architecture Center (DNA Center)
CVEs (31)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-15253 | 0.03 | — | 0.01 | Feb 5, 2020 | A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected… | |||
| CVE-2025-20346 | 0.00 | — | 0.00 | Nov 13, 2025 | A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials. This vulnerability is due to improper role-based access control… | |||
| CVE-2025-20353 | 0.00 | — | 0.00 | Nov 13, 2025 | A vulnerability in the web-based management interface of Cisco Catalyst Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient… | |||
| CVE-2025-20349 | 0.00 | — | 0.00 | Nov 13, 2025 | A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request… | |||
| CVE-2025-20223 | 0.00 | — | 0.00 | May 7, 2025 | A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device. This vulnerability is due to insufficient enforcement of… | |||
| CVE-2025-20210 | 0.00 | — | 0.00 | May 7, 2025 | A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint.… | |||
| CVE-2024-20350 | 0.00 | — | 0.03 | Sep 25, 2024 | A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could… | |||
| CVE-2024-20333 | 0.00 | — | 0.00 | Mar 27, 2024 | A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to insufficient authorization… | |||
| CVE-2023-20223 | 0.00 | — | 0.00 | Sep 27, 2023 | A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An… | |||
| CVE-2023-20182 | 0.00 | — | 0.00 | May 18, 2023 | Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more… | |||
| CVE-2023-20183 | 0.00 | — | 0.00 | May 18, 2023 | Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more… | |||
| CVE-2023-20184 | 0.00 | — | 0.00 | May 18, 2023 | Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more… | |||
| CVE-2023-20055 | 0.00 | — | 0.01 | Mar 23, 2023 | A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive… | |||
| CVE-2023-20059 | 0.00 | — | 0.00 | Mar 23, 2023 | A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is… | |||
| CVE-2022-20630 | 0.00 | — | 0.00 | Feb 10, 2022 | A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative… | |||
| CVE-2021-34782 | 0.00 | — | 0.00 | Oct 6, 2021 | A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on… | |||
| CVE-2021-1134 | 0.00 | — | 0.00 | Jun 29, 2021 | A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509… | |||
| CVE-2021-1257 | 0.00 | — | 0.00 | Jan 20, 2021 | A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness… | |||
| CVE-2021-1264 | 0.00 | — | 0.01 | Jan 20, 2021 | A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability… | |||
| CVE-2021-1265 | 0.00 | — | 0.00 | Jan 20, 2021 | A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being… |
- CVE-2019-15253Feb 5, 2020risk 0.03cvss —epss 0.01
A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected…
- CVE-2025-20346Nov 13, 2025risk 0.00cvss —epss 0.00
A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials. This vulnerability is due to improper role-based access control…
- CVE-2025-20353Nov 13, 2025risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco Catalyst Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient…
- CVE-2025-20349Nov 13, 2025risk 0.00cvss —epss 0.00
A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request…
- CVE-2025-20223May 7, 2025risk 0.00cvss —epss 0.00
A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device. This vulnerability is due to insufficient enforcement of…
- CVE-2025-20210May 7, 2025risk 0.00cvss —epss 0.00
A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint.…
- CVE-2024-20350Sep 25, 2024risk 0.00cvss —epss 0.03
A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could…
- CVE-2024-20333Mar 27, 2024risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to insufficient authorization…
- CVE-2023-20223Sep 27, 2023risk 0.00cvss —epss 0.00
A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An…
- CVE-2023-20182May 18, 2023risk 0.00cvss —epss 0.00
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more…
- CVE-2023-20183May 18, 2023risk 0.00cvss —epss 0.00
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more…
- CVE-2023-20184May 18, 2023risk 0.00cvss —epss 0.00
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more…
- CVE-2023-20055Mar 23, 2023risk 0.00cvss —epss 0.01
A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive…
- CVE-2023-20059Mar 23, 2023risk 0.00cvss —epss 0.00
A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is…
- CVE-2022-20630Feb 10, 2022risk 0.00cvss —epss 0.00
A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative…
- CVE-2021-34782Oct 6, 2021risk 0.00cvss —epss 0.00
A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on…
- CVE-2021-1134Jun 29, 2021risk 0.00cvss —epss 0.00
A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509…
- CVE-2021-1257Jan 20, 2021risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness…
- CVE-2021-1264Jan 20, 2021risk 0.00cvss —epss 0.01
A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability…
- CVE-2021-1265Jan 20, 2021risk 0.00cvss —epss 0.00
A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being…
Page 1 of 2