Vulnerabilities > Cisco > DNA Center > 1.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-27 | CVE-2023-20223 | Unspecified vulnerability in Cisco DNA Center A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. | 8.2 |
| 2023-05-18 | CVE-2023-20182 | Improper Input Validation vulnerability in Cisco DNA Center Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. | 8.8 |
| 2023-05-18 | CVE-2023-20183 | Files or Directories Accessible to External Parties vulnerability in Cisco DNA Center Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. | 4.3 |
| 2023-05-18 | CVE-2023-20184 | Files or Directories Accessible to External Parties vulnerability in Cisco DNA Center Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. | 4.3 |
| 2023-03-23 | CVE-2023-20055 | Unspecified vulnerability in Cisco DNA Center A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. | 8.8 |
| 2023-03-23 | CVE-2023-20059 | Cleartext Storage of Sensitive Information vulnerability in Cisco DNA Center A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. | 6.5 |
| 2021-12-10 | CVE-2021-44228 | Deserialization of Untrusted Data vulnerability in multiple products Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. network low complexity apache siemens intel debian fedoraproject sonicwall netapp cisco snowsoftware bentley percussion CWE-502 critical | 10.0 |
| 2021-10-06 | CVE-2021-34782 | Unspecified vulnerability in Cisco DNA Center A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. | 4.3 |
| 2021-06-29 | CVE-2021-1134 | Improper Certificate Validation vulnerability in Cisco DNA Center A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. | 5.8 |
| 2021-01-20 | CVE-2021-1303 | Incorrect Privilege Assignment vulnerability in Cisco DNA Center A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. | 6.5 |