Lucene search

CiscoCVELIST:CVE-2024-20333

HistoryMar 27, 2024 - 4:43 p.m.

CVE-2024-20333

2024-03-2716:43:33

cisco

www.cve.org

cisco catalyst center

vulnerability

web-based management

unauthorized access

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device.

This vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to change a specific field within the web-based management interface, even though they should not have access to change that field.

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Digital Network Architecture Center (DNA Center)",
    "versions": [
      {
        "version": "2.1.2.0",
        "status": "affected"
      },
      {
        "version": "2.1.2.3",
        "status": "affected"
      },
      {
        "version": "2.1.2.4",
        "status": "affected"
      },
      {
        "version": "2.1.2.5",
        "status": "affected"
      },
      {
        "version": "2.1.2.6",
        "status": "affected"
      },
      {
        "version": "2.1.2.7",
        "status": "affected"
      },
      {
        "version": "2.1.2.8",
        "status": "affected"
      },
      {
        "version": "2.2.2.3",
        "status": "affected"
      },
      {
        "version": "2.2.1.3",
        "status": "affected"
      },
      {
        "version": "2.2.2.4",
        "status": "affected"
      },
      {
        "version": "2.2.2.5",
        "status": "affected"
      },
      {
        "version": "2.2.2.8",
        "status": "affected"
      },
      {
        "version": "2.2.3.4",
        "status": "affected"
      },
      {
        "version": "2.2.3.3",
        "status": "affected"
      },
      {
        "version": "2.2.2.6",
        "status": "affected"
      },
      {
        "version": "2.2.3.5",
        "status": "affected"
      },
      {
        "version": "2.2.2.9",
        "status": "affected"
      },
      {
        "version": "2.2.3.6",
        "status": "affected"
      },
      {
        "version": "2.3.3.4",
        "status": "affected"
      },
      {
        "version": "2.3.3.5",
        "status": "affected"
      },
      {
        "version": "2.3.3.6",
        "status": "affected"
      },
      {
        "version": "2.3.3.7",
        "status": "affected"
      },
      {
        "version": "2.3.5.3",
        "status": "affected"
      },
      {
        "version": "VA Launchpad 1.2.1",
        "status": "affected"
      },
      {
        "version": "VA Launchpad 1.3.0",
        "status": "affected"
      },
      {
        "version": "VA Launchpad 1.5.0",
        "status": "affected"
      }
    ]
  }
]

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccc-authz-bypass-5EKchJRb

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-20333