
Cisco DNA Center Bug Opens Enterprises to Remote Attack
2021-01-25 17:53

A cross-site request forgery (CSRF) vulnerability in the Cisco Digital Network Architecture (DNA) Center could let a remote attacker act in an enterprise administrator's name, up to running CLI commands on the network devices the platform manages.

The flaw, tracked as CVE-2021-1257, exists in the web-based management interface of Cisco DNA Center, the centralized network-management and orchestration platform for Cisco DNA. Cisco rates it high severity with a CVSS base score of 7.1; the vulnerability entry below scores the same CVE at 8.8.

The web-based management interface through which Cisco DNA Center is administered has insufficient CSRF protections in software releases earlier than 2.1.1.0.

The bug therefore lets an unauthenticated, remote attacker "conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent," according to Cisco's advisory. In practice that means luring a logged-in DNA Center user to an attacker-controlled web page: the browser attaches the victim's session cookie to the forged request, so an interface that relies on the cookie alone cannot tell it from a request the user submitted deliberately.

This vulnerability is fixed in Cisco DNA Center Software releases 2.1.1.0, 2.1.2.0, 2.1.2.3 and 2.1.2.4, and later.

A successful exploit could allow the attacker to execute arbitrary CLI commands on devices managed by Cisco DNA Center, according to Cisco, with the privileges of the user whose session was abused. Note that the attacker needs no network path to DNA Center of their own: any web page an authenticated administrator opens while logged in can deliver the forged request, so the practical check is to confirm that the running release is 2.1.1.0 or later.
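The following is an added example, not Cisco's code and not taken from the advisory or the Threatpost article. It models the class of weakness described above (CWE-352): a state-changing endpoint authenticated only by a session cookie, shown beside a hardened handler that adds an origin check and a per-session synchronizer token. The endpoint path `/api/run-cli`, the session store, the hostnames and the request contents are all hypothetical.

```python
"""Added example (not Cisco's code): a cookie-only endpoint that a cross-site
page can forge a request to, beside a hardened version. Route, session store
and hostnames are hypothetical stand-ins."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Tuple
from urllib.parse import urlsplit

CSRF_KEY = secrets.token_bytes(32)          # hypothetical server-side secret
SESSIONS = {"s3ss10n": "netadmin"}          # hypothetical cookie value -> user
TRUSTED_ORIGIN = "https://dnac.example.internal"  # hypothetical UI origin


@dataclass
class Request:
    """Minimal model of an HTTP request as the server sees it."""
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def csrf_token(session_id: str) -> str:
    """Synchronizer token: HMAC of the session id under a server secret. The UI
    embeds it in its own forms; a cross-site page cannot read it because the
    same-origin policy keeps the UI's responses hidden from that page."""
    return hmac.new(CSRF_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def run_cli(user: str, form: dict) -> Tuple[int, str]:
    """Stand-in for the privileged action: a CLI command on a managed device."""
    return 200, f"{user} ran {form.get('cmd')!r} on {form.get('device')}"


def handle_vulnerable(req: Request) -> Tuple[int, str]:
    """Vulnerable pattern: the session cookie is the only thing authenticating
    the request, and the browser attaches it to cross-site POSTs as well."""
    user = SESSIONS.get(req.cookies.get("session", ""))
    if user is None:
        return 401, "login required"
    if req.method == "POST" and req.path == "/api/run-cli":
        return run_cli(user, req.form)
    return 404, "no such route"


def same_origin(req: Request) -> bool:
    """Compare scheme and host of Origin (Referer as fallback) with the UI's
    origin. Parsed comparison, not a string prefix, so that a host such as
    dnac.example.internal.evil.example does not pass."""
    src = req.headers.get("Origin") or req.headers.get("Referer")
    if not src:
        return False  # fail closed; browsers send Origin on cross-site POSTs
    a, b = urlsplit(src), urlsplit(TRUSTED_ORIGIN)
    return (a.scheme, a.netloc) == (b.scheme, b.netloc)


def handle_hardened(req: Request) -> Tuple[int, str]:
    """Same route with two independent CSRF defences: an origin check and a
    per-session token compared in constant time."""
    session_id = req.cookies.get("session", "")
    user = SESSIONS.get(session_id)
    if user is None:
        return 401, "login required"
    if req.method == "POST" and req.path == "/api/run-cli":
        if not same_origin(req):
            return 403, "cross-origin request rejected"
        supplied = req.form.get("csrf_token", "")
        if not hmac.compare_digest(supplied, csrf_token(session_id)):
            return 403, "missing or invalid CSRF token"
        return run_cli(user, req.form)
    return 404, "no such route"


def forged_request() -> Request:
    """Constructed sample: what the browser sends when a logged-in admin opens
    an attacker page with an auto-submitting form. The victim's cookie rides
    along, Origin is the attacker's site, and no token can be supplied."""
    return Request(method="POST", path="/api/run-cli",
                   cookies={"session": "s3ss10n"},
                   headers={"Origin": "https://attacker.example"},
                   form={"device": "core-sw-1", "cmd": "show running-config"})


def legitimate_request() -> Request:
    """Constructed sample: the same action submitted from the UI itself."""
    return Request(method="POST", path="/api/run-cli",
                   cookies={"session": "s3ss10n"},
                   headers={"Origin": TRUSTED_ORIGIN},
                   form={"device": "core-sw-1", "cmd": "show version",
                         "csrf_token": csrf_token("s3ss10n")})


if __name__ == "__main__":
    print("vulnerable, forged:  ", handle_vulnerable(forged_request()))
    print("hardened, forged:    ", handle_hardened(forged_request()))
    print("hardened, legitimate:", handle_hardened(legitimate_request()))
```

The two checks are deliberately independent: the origin check stops the forged request even if a token were somehow leaked, and the token check stops it even when a proxy strips the Origin and Referer headers. Setting the session cookie with the `SameSite` attribute is a third, browser-enforced layer that this server-side model does not show.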


News URL

https://threatpost.com/cisco-dna-center-bug-remote-attack/163302/

Related Vulnerability

DATE        CVE            VULNERABILITY TITLE                                                    RISK
2021-01-20  CVE-2021-1257  Cross-Site Request Forgery (CSRF) vulnerability in multiple products   8.8

A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent.

Attack vector: network; attack complexity: low; tags: cisco, mcafee, CWE-352
