Lucene search

CiscoCVELIST:CVE-2021-1303

HistoryJan 20, 2021 - 7:55 p.m.

CVE-2021-1303 Cisco DNA Center Privilege Escalation Vulnerability

2021-01-2019:55:31

CWE-266

cisco

www.cve.org

vulnerability

cisco dna center

privilege escalation

user management

remote attacker

unauthorized commands

improper enforcement

observer role

diagnostic information.

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

8.9

Confidence

High

EPSS

0.008

Percentile

81.5%

JSON

A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit this vulnerability by authenticating as a user with an Observer role and executing commands on the affected device. A successful exploit could allow a user with the Observer role to execute commands to view diagnostic information of the devices that Cisco DNA Center manages.

CNA Affected

[
  {
    "product": "Cisco Digital Network Architecture Center (DNA Center)",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-privesc-6qjA3hVh

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

8.9

Confidence

High

EPSS

0.008

Percentile

81.5%

JSON

Related for CVELIST:CVE-2021-1303