VYPR

DNA Center

by Cisco Systems, Inc.

CVEs (20)

  • CVE-2018-0268CriMay 17, 2018
    risk 0.65cvss 10.0epss 0.05

    A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. This vulnerability is due to an insecure default configuration of the…

  • CVE-2021-1264CriJan 20, 2021
    risk 0.63cvss 9.6epss 0.04

    A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability…

  • CVE-2021-1303HigJan 20, 2021
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit…

  • CVE-2021-1257HigJan 20, 2021
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness…

  • CVE-2023-20223HigSep 27, 2023
    risk 0.56cvss 8.6epss 0.00

    A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An…

  • CVE-2023-20055HigMar 23, 2023
    risk 0.52cvss 8.0epss 0.01

    A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive…

  • CVE-2024-20350HigSep 25, 2024
    risk 0.49cvss 7.5epss 0.00

    A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could…

  • CVE-2020-3411HigAug 17, 2020
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this…

  • CVE-2025-20210HigMay 7, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint.…

  • CVE-2021-1265MedJan 20, 2021
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being…

  • CVE-2019-1841MedApr 18, 2019
    risk 0.42cvss 6.5epss 0.03

    A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker…

  • CVE-2020-3466MedAug 26, 2020
    risk 0.40cvss 6.1epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerabilities exist because the…

  • CVE-2023-20184MedMay 18, 2023
    risk 0.35cvss 5.4epss 0.00

    Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more…

  • CVE-2019-1707MedMar 11, 2019
    risk 0.35cvss 5.4epss 0.01

    A vulnerability in the web-based management interface of Cisco DNA Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to…

  • CVE-2021-1130MedJan 13, 2021
    risk 0.31cvss 4.8epss 0.01

    A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based…

  • CVE-2022-20630MedFeb 10, 2022
    risk 0.29cvss 4.4epss 0.00

    A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative…

  • CVE-2024-20333MedMar 27, 2024
    risk 0.28cvss 4.3epss 0.00

    A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to insufficient authorization…

  • CVE-2023-20059MedMar 23, 2023
    risk 0.28cvss 4.3epss 0.00

    A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is…

  • CVE-2021-34782MedOct 6, 2021
    risk 0.28cvss 4.3epss 0.01

    A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on…

  • CVE-2018-0269MedApr 19, 2018
    risk 0.28cvss 4.3epss 0.01

    A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource…