Digital Network Architecture Center (DNA Center)
CVEs (35)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-20349 | Med | 0.41 | 6.3 | 0.00 | Nov 13, 2025 | A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request… | ||
| CVE-2025-20353 | Med | 0.40 | 6.1 | 0.00 | Nov 13, 2025 | A vulnerability in the web-based management interface of Cisco Catalyst Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient… | ||
| CVE-2020-3466 | Med | 0.40 | 6.1 | 0.01 | Aug 26, 2020 | Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerabilities exist because the… | ||
| CVE-2023-20184 | Med | 0.35 | 5.4 | 0.00 | May 18, 2023 | Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more… | ||
| CVE-2023-20183 | Med | 0.35 | 5.4 | 0.00 | May 18, 2023 | Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more… | ||
| CVE-2023-20182 | Med | 0.35 | 5.4 | 0.01 | May 18, 2023 | Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more… | ||
| CVE-2019-1707 | Med | 0.35 | 5.4 | 0.01 | Mar 11, 2019 | A vulnerability in the web-based management interface of Cisco DNA Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to… | ||
| CVE-2019-15253 | Med | 0.34 | 4.8 | 0.03 | Feb 5, 2020 | A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected… | ||
| CVE-2025-20223 | Med | 0.31 | 4.7 | 0.00 | May 7, 2025 | A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device. This vulnerability is due to insufficient enforcement of… | ||
| CVE-2021-1130 | Med | 0.31 | 4.8 | 0.01 | Jan 13, 2021 | A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based… | ||
| CVE-2022-20630 | Med | 0.29 | 4.4 | 0.00 | Feb 10, 2022 | A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative… | ||
| CVE-2025-20346 | Med | 0.28 | 4.3 | 0.00 | Nov 13, 2025 | A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials. This vulnerability is due to improper role-based access control… | ||
| CVE-2024-20333 | Med | 0.28 | 4.3 | 0.00 | Mar 27, 2024 | A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to insufficient authorization… | ||
| CVE-2023-20059 | Med | 0.28 | 4.3 | 0.00 | Mar 23, 2023 | A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is… | ||
| CVE-2021-34782 | Med | 0.28 | 4.3 | 0.01 | Oct 6, 2021 | A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on… |
- risk 0.41cvss 6.3epss 0.00
A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request…
- risk 0.40cvss 6.1epss 0.00
A vulnerability in the web-based management interface of Cisco Catalyst Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient…
- risk 0.40cvss 6.1epss 0.01
Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerabilities exist because the…
- risk 0.35cvss 5.4epss 0.00
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more…
- risk 0.35cvss 5.4epss 0.00
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more…
- risk 0.35cvss 5.4epss 0.01
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more…
- risk 0.35cvss 5.4epss 0.01
A vulnerability in the web-based management interface of Cisco DNA Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to…
- risk 0.34cvss 4.8epss 0.03
A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected…
- risk 0.31cvss 4.7epss 0.00
A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device. This vulnerability is due to insufficient enforcement of…
- risk 0.31cvss 4.8epss 0.01
A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based…
- risk 0.29cvss 4.4epss 0.00
A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative…
- risk 0.28cvss 4.3epss 0.00
A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials. This vulnerability is due to improper role-based access control…
- risk 0.28cvss 4.3epss 0.00
A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to insufficient authorization…
- risk 0.28cvss 4.3epss 0.00
A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is…
- risk 0.28cvss 4.3epss 0.01
A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on…
Page 2 of 2