Cisco DNA Center Bug Opens Enterprises to Remote Attack (Security News, January 2021)
A cross-site request forgery vulnerability in the Cisco Digital Network Architecture Center could open enterprise users to remote attack and takeover.
The flaw, tracked as CVE-2021-1257, exists in the web-based management interface of Cisco DNA Center, the centralized network-management and orchestration platform for Cisco DNA. Threatpost reports a CVSS severity score of 7.1, while the vulnerability entry at the end of this page lists 8.8; either way it rates as high severity.
The web-based management interface used to access and operate Cisco DNA Center has insufficient CSRF protections in software versions prior to 2.1.1.0.
An unauthenticated, remote attacker could therefore "conduct an attack to manipulate an authenticated user into executing malicious actions without their awareness or consent," according to Cisco's advisory, issued on Monday.
Cisco fixed the vulnerability in Cisco DNA Center Software releases 2.1.1.0, 2.1.2.0, 2.1.2.3 and 2.1.2.4; later releases also contain the fix.
A successful exploit could allow the attacker to execute arbitrary CLI commands on devices managed by Cisco DNA Center, according to Cisco. As with any CSRF, "unauthenticated" describes the attacker, not the victim: the attacker still needs a user who is logged in to the management interface to load attacker-controlled content (for example a page that auto-submits a hidden form to the DNA Center host), and the browser attaches that user's session cookie to the forged request, so the actions run with the victim's privileges. Verifying the fix therefore means confirming the installed software release rather than probing the interface from outside.
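To make the failure mode concrete, here is an added illustration, not Cisco code and not derived from the DNA Center interface: a toy web-management endpoint that "runs" CLI commands on managed devices, modelled once with only a session cookie as its authentication signal (the insufficient-protection case) and once with an Origin check plus a per-session synchronizer token. The management origin, the attacker origin, the endpoint path and the form fields are all assumed for the example.

```python
# Added illustration, not Cisco DNA Center code. Models a management endpoint
# with (protect_csrf=True) and without (protect_csrf=False) CSRF protection.
import hmac
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "https://dnac.example.internal"   # assumed management-interface origin


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


class ManagementApp:
    """Stand-in for a management interface. With protect_csrf=False the only
    authentication signal is the session cookie; with protect_csrf=True every
    state-changing POST must also carry our Origin and the session's token."""

    def __init__(self, protect_csrf):
        self.protect_csrf = protect_csrf
        self.sessions = {}       # session id -> {"user", "csrf"}
        self.executed = []       # (user, device, command) "sent" to devices

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
        return sid

    def csrf_token(self, sid):
        # A real page would embed this in its forms or send it in a custom header.
        return self.sessions[sid]["csrf"]

    def handle(self, req):
        sess = self.sessions.get(req.cookies.get("session"))
        if sess is None:
            return 401, "not authenticated"
        if self.protect_csrf and req.method == "POST":
            # Reject any state change whose Origin/Referer is not our own site ...
            origin = req.headers.get("Origin") or req.headers.get("Referer", "")
            if origin != SITE_ORIGIN and not origin.startswith(SITE_ORIGIN + "/"):
                return 403, "cross-site origin rejected"
            # ... and require the synchronizer token bound to this session.
            token = req.form.get("csrf_token", "")
            if not hmac.compare_digest(token, sess["csrf"]):
                return 403, "missing or invalid CSRF token"
        if req.method == "POST" and req.path == "/api/run-cli":
            self.executed.append((sess["user"], req.form["device"], req.form["command"]))
            return 200, "command queued"
        return 404, "no such endpoint"


def forged_request(victim_sid):
    """What the server sees when a logged-in admin loads an attacker page that
    auto-submits a hidden form to the management host. The browser attaches the
    victim's session cookie; the attacker never sees it and cannot read the
    per-session token. All values are constructed for the example."""
    return Request(
        "POST", "/api/run-cli",
        headers={"Origin": "https://attacker.example"},
        cookies={"session": victim_sid},
        form={"device": "core-sw-1", "command": "no ip access-list extended MGMT"},
    )


def legitimate_request(sid, app):
    """A request from the real management page: same origin, token included."""
    return Request(
        "POST", "/api/run-cli",
        headers={"Origin": SITE_ORIGIN},
        cookies={"session": sid},
        form={"device": "core-sw-1", "command": "show version",
              "csrf_token": app.csrf_token(sid)},
    )


def run_scenarios():
    """Returns {protect_csrf: (forged status, legitimate status, commands run)}."""
    out = {}
    for protected in (False, True):
        app = ManagementApp(protect_csrf=protected)
        sid = app.login("netadmin")
        forged_status, _ = app.handle(forged_request(sid))
        legit_status, _ = app.handle(legitimate_request(sid, app))
        out[protected] = (forged_status, legit_status, len(app.executed))
    return out


if __name__ == "__main__":
    for protected, (forged, legit, n) in run_scenarios().items():
        print(f"protect_csrf={protected}: forged={forged} legitimate={legit} commands_run={n}")
```

In the unprotected model the forged POST is accepted and the attacker's command is queued against the switch with the admin's privileges; in the protected model it is rejected at the Origin check, and a same-origin POST that lacks the token is rejected as well, while the genuine page's request still succeeds. Marking the session cookie `SameSite=Lax` or `Strict` is a worthwhile defence in depth, but the server-side checks shown here are what makes the interface safe regardless of browser behaviour.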
News URL
https://threatpost.com/cisco-dna-center-bug-remote-attack/163302/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-20 | CVE-2021-1257 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | 8.8 |

Cisco's description: A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent.