Lucene search

CiscoCVELIST:CVE-2022-20630

HistoryFeb 10, 2022 - 5:06 p.m.

CVE-2022-20630 Cisco DNA Center Information Disclosure Vulnerability

2022-02-1017:06:35

CWE-200

cisco

www.cve.org

cisco

dna center

vulnerability

unauthorized access

sensitive information

cli

user credentials

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.8

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploit this vulnerability by accessing the audit logs through the CLI. A successful exploit could allow the attacker to retrieve sensitive information that includes user credentials.

CNA Affected

[
  {
    "product": "Cisco Digital Network Architecture Center (DNA Center)",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-info-disc-8QEynKEj

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-20630