Digital Network Architecture Center (DNA Center)
CVEs (31)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-1303 | 0.00 | — | 0.00 | Jan 20, 2021 | A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit… | |||
| CVE-2021-1130 | 0.00 | — | 0.00 | Jan 13, 2021 | A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based… | |||
| CVE-2020-3466 | 0.00 | — | 0.00 | Aug 26, 2020 | Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerabilities exist because the… | |||
| CVE-2020-3411 | 0.00 | — | 0.00 | Aug 17, 2020 | A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this… | |||
| CVE-2020-3391 | 0.00 | — | 0.00 | Jul 2, 2020 | A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to insecure storage of certain unencrypted credentials on an affected device. An attacker could… | |||
| CVE-2020-3281 | 0.00 | — | 0.00 | Jun 3, 2020 | A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to the storage of certain unencrypted credentials. An attacker… | |||
| CVE-2019-1848 | 0.00 | — | 0.00 | Jun 20, 2019 | A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system… | |||
| CVE-2018-15386 | 0.00 | — | 0.00 | Oct 5, 2018 | A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the… | |||
| CVE-2018-0448 | 0.00 | — | 0.01 | Oct 5, 2018 | A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient… | |||
| CVE-2018-0427 | 0.00 | — | 0.02 | Aug 15, 2018 | A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to incorrect input validation of user-supplied data. An attacker could… | |||
| CVE-2018-0269 | 0.00 | — | 0.01 | Apr 19, 2018 | A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource… |
- CVE-2021-1303Jan 20, 2021risk 0.00cvss —epss 0.00
A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit…
- CVE-2021-1130Jan 13, 2021risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based…
- CVE-2020-3466Aug 26, 2020risk 0.00cvss —epss 0.00
Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerabilities exist because the…
- CVE-2020-3411Aug 17, 2020risk 0.00cvss —epss 0.00
A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this…
- CVE-2020-3391Jul 2, 2020risk 0.00cvss —epss 0.00
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to insecure storage of certain unencrypted credentials on an affected device. An attacker could…
- CVE-2020-3281Jun 3, 2020risk 0.00cvss —epss 0.00
A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to the storage of certain unencrypted credentials. An attacker…
- CVE-2019-1848Jun 20, 2019risk 0.00cvss —epss 0.00
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system…
- CVE-2018-15386Oct 5, 2018risk 0.00cvss —epss 0.00
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the…
- CVE-2018-0448Oct 5, 2018risk 0.00cvss —epss 0.01
A vulnerability in the identity management service of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and take complete control of identity management functions. The vulnerability is due to insufficient…
- CVE-2018-0427Aug 15, 2018risk 0.00cvss —epss 0.02
A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to incorrect input validation of user-supplied data. An attacker could…
- CVE-2018-0269Apr 19, 2018risk 0.00cvss —epss 0.01
A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource…
Page 2 of 2