DNA Center
CVEs (18)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-15253 | 0.03 | — | 0.01 | Feb 5, 2020 | A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected… | |||
| CVE-2018-0268 | 0.01 | — | 0.10 | May 17, 2018 | A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. This vulnerability is due to an insecure default configuration of the… | |||
| CVE-2023-20055 | 0.00 | — | 0.01 | Mar 23, 2023 | A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive… | |||
| CVE-2023-20059 | 0.00 | — | 0.00 | Mar 23, 2023 | A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is… | |||
| CVE-2022-20630 | 0.00 | — | 0.00 | Feb 10, 2022 | A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative… | |||
| CVE-2021-34782 | 0.00 | — | 0.00 | Oct 6, 2021 | A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on… | |||
| CVE-2021-1134 | 0.00 | — | 0.00 | Jun 29, 2021 | A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509… | |||
| CVE-2021-1264 | 0.00 | — | 0.01 | Jan 20, 2021 | A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability… | |||
| CVE-2021-1265 | 0.00 | — | 0.00 | Jan 20, 2021 | A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being… | |||
| CVE-2021-1303 | 0.00 | — | 0.00 | Jan 20, 2021 | A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit… | |||
| CVE-2021-1130 | 0.00 | — | 0.00 | Jan 13, 2021 | A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based… | |||
| CVE-2020-3466 | 0.00 | — | 0.00 | Aug 26, 2020 | Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerabilities exist because the… | |||
| CVE-2020-3411 | 0.00 | — | 0.00 | Aug 17, 2020 | A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this… | |||
| CVE-2019-1841 | 0.00 | — | 0.01 | Apr 18, 2019 | A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker… | |||
| CVE-2019-1707 | 0.00 | — | 0.00 | Mar 11, 2019 | A vulnerability in the web-based management interface of Cisco DNA Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to… | |||
| CVE-2018-0368 | 0.00 | — | 0.00 | Jul 16, 2018 | A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient security restrictions imposed by the affected software. An attacker… | |||
| CVE-2018-0271 | 0.00 | — | 0.03 | May 17, 2018 | A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests.… | |||
| CVE-2018-0222 | 0.00 | — | 0.02 | May 17, 2018 | A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials. The vulnerability is due to the presence of… |
- CVE-2019-15253Feb 5, 2020risk 0.03cvss —epss 0.01
A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected…
- CVE-2018-0268May 17, 2018risk 0.01cvss —epss 0.10
A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. This vulnerability is due to an insecure default configuration of the…
- CVE-2023-20055Mar 23, 2023risk 0.00cvss —epss 0.01
A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive…
- CVE-2023-20059Mar 23, 2023risk 0.00cvss —epss 0.00
A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is…
- CVE-2022-20630Feb 10, 2022risk 0.00cvss —epss 0.00
A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative…
- CVE-2021-34782Oct 6, 2021risk 0.00cvss —epss 0.00
A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on…
- CVE-2021-1134Jun 29, 2021risk 0.00cvss —epss 0.00
A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509…
- CVE-2021-1264Jan 20, 2021risk 0.00cvss —epss 0.01
A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability…
- CVE-2021-1265Jan 20, 2021risk 0.00cvss —epss 0.00
A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being…
- CVE-2021-1303Jan 20, 2021risk 0.00cvss —epss 0.00
A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit…
- CVE-2021-1130Jan 13, 2021risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based…
- CVE-2020-3466Aug 26, 2020risk 0.00cvss —epss 0.00
Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerabilities exist because the…
- CVE-2020-3411Aug 17, 2020risk 0.00cvss —epss 0.00
A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this…
- CVE-2019-1841Apr 18, 2019risk 0.00cvss —epss 0.01
A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker…
- CVE-2019-1707Mar 11, 2019risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco DNA Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to…
- CVE-2018-0368Jul 16, 2018risk 0.00cvss —epss 0.00
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient security restrictions imposed by the affected software. An attacker…
- CVE-2018-0271May 17, 2018risk 0.00cvss —epss 0.03
A vulnerability in the API gateway of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests.…
- CVE-2018-0222May 17, 2018risk 0.00cvss —epss 0.02
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials. The vulnerability is due to the presence of…