Access Control Issues Found in Cisco DNA Center
CVE-2023-20223

8.2HIGH

Key Information:

Vendor: Cisco
Status: Cisco Digital Network Architecture Center (DNA Center)
Vendor: CVE Published:; 27 September 2023

What is CVE-2023-20223?

A vulnerability in Cisco DNA Center enables an unauthenticated remote attacker to read and modify sensitive data from an internal service on affected devices. This issue stems from inadequate enforcement of access controls on API requests. An attacker could exploit this flaw by sending specifically crafted API requests to the device, potentially allowing them to gain unauthorized access and manipulate critical data within the repository.

Affected Version(s)

Cisco Digital Network Architecture Center (DNA Center) 2.2.1.3

Cisco Digital Network Architecture Center (DNA Center) 2.2.3.4

Cisco Digital Network Architecture Center (DNA Center) 2.2.3.3

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Oct 27, 2022