Lucene search

[email protected]CVE-2024-20333

HistoryMar 27, 2024 - 5:15 p.m.

CVE-2024-20333

2024-03-2717:15:53

CWE-285

[email protected]

web.nvd.nist.gov

cisco catalyst center

web interface

vulnerability

authorization enforcement

http request

nvd

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device.

This vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to change a specific field within the web-based management interface, even though they should not have access to change that field.

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Digital Network Architecture Center (DNA Center)",
    "versions": [
      {
        "version": "2.1.2.0",
        "status": "affected"
      },
      {
        "version": "2.1.2.3",
        "status": "affected"
      },
      {
        "version": "2.1.2.4",
        "status": "affected"
      },
      {
        "version": "2.1.2.5",
        "status": "affected"
      },
      {
        "version": "2.1.2.6",
        "status": "affected"
      },
      {
        "version": "2.1.2.7",
        "status": "affected"
      },
      {
        "version": "2.1.2.8",
        "status": "affected"
      },
      {
        "version": "2.2.2.3",
        "status": "affected"
      },
      {
        "version": "2.2.1.3",
        "status": "affected"
      },
      {
        "version": "2.2.2.4",
        "status": "affected"
      },
      {
        "version": "2.2.2.5",
        "status": "affected"
      },
      {
        "version": "2.2.2.8",
        "status": "affected"
      },
      {
        "version": "2.2.3.4",
        "status": "affected"
      },
      {
        "version": "2.2.3.3",
        "status": "affected"
      },
      {
        "version": "2.2.2.6",
        "status": "affected"
      },
      {
        "version": "2.2.3.5",
        "status": "affected"
      },
      {
        "version": "2.2.2.9",
        "status": "affected"
      },
      {
        "version": "2.2.3.6",
        "status": "affected"
      },
      {
        "version": "2.3.3.4",
        "status": "affected"
      },
      {
        "version": "2.3.3.5",
        "status": "affected"
      },
      {
        "version": "2.3.3.6",
        "status": "affected"
      },
      {
        "version": "2.3.3.7",
        "status": "affected"
      },
      {
        "version": "2.3.5.3",
        "status": "affected"
      },
      {
        "version": "VA Launchpad 1.2.1",
        "status": "affected"
      },
      {
        "version": "VA Launchpad 1.3.0",
        "status": "affected"
      },
      {
        "version": "VA Launchpad 1.5.0",
        "status": "affected"
      }
    ]
  }
]

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccc-authz-bypass-5EKchJRb

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-20333

nvd1 cisco1 cvelist1