VYPR

Digital Network Architecture Center (DNA Center)

by Cisco Systems, Inc.

CVEs (35)

  • CVE-2018-0222CriMay 17, 2018
    risk 0.65cvss 10.0epss 0.04

    A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials. The vulnerability is due to the presence of…

  • CVE-2018-15386CriOct 5, 2018
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the…

  • CVE-2018-0448CriOct 5, 2018
    risk 0.64cvss 9.8epss 0.02

    A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient…

  • CVE-2018-0271CriMay 17, 2018
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests.…

  • CVE-2021-1264CriJan 20, 2021
    risk 0.63cvss 9.6epss 0.04

    A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability…

  • CVE-2019-1848CriJun 20, 2019
    risk 0.61cvss 9.3epss 0.01

    A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system…

  • CVE-2018-0427HigAug 15, 2018
    risk 0.58cvss 8.8epss 0.06

    A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to incorrect input validation of user-supplied data. An attacker could…

  • CVE-2021-1303HigJan 20, 2021
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit…

  • CVE-2021-1257HigJan 20, 2021
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness…

  • CVE-2020-3281HigJun 3, 2020
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to the storage of certain unencrypted credentials. An attacker…

  • CVE-2023-20223HigSep 27, 2023
    risk 0.56cvss 8.6epss 0.00

    A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An…

  • CVE-2023-20055HigMar 23, 2023
    risk 0.52cvss 8.0epss 0.01

    A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive…

  • CVE-2018-0368HigJul 16, 2018
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient security restrictions imposed by the affected software. An attacker…

  • CVE-2024-20350HigSep 25, 2024
    risk 0.49cvss 7.5epss 0.00

    A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could…

  • CVE-2020-3411HigAug 17, 2020
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this…

  • CVE-2021-1134HigJun 29, 2021
    risk 0.48cvss 7.4epss 0.01

    A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509…

  • CVE-2025-20210HigMay 7, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint.…

  • CVE-2021-1265MedJan 20, 2021
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being…

  • CVE-2020-3391MedJul 2, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to insecure storage of certain unencrypted credentials on an affected device. An attacker could…

  • CVE-2019-1841MedApr 18, 2019
    risk 0.42cvss 6.5epss 0.03

    A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker…

Page 1 of 2