CVE-2022-20630 MEDIUM

CVE-2022-20630: Cisco DNA Center Information Disclosure Vulnerability

Vendor Cisco

Product Cisco Digital Network Architecture Center (DNA Center)

Weakness CWE-200 · Info exposure

Published February 10, 2022

Last update November 6, 2024

View on NVD All CVEs

CVSS base score

4.4/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploit this vulnerability by accessing the audit logs through the CLI. A successful exploit could allow the attacker to retrieve sensitive information that includes user credentials.

Key dates

02Disclosure timeline

February 10, 2022 CVE published

November 6, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-20630 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

Identifiers

CVE CVE-2022-20630

CWE CWE-200

CVSS 4.4 / MEDIUM

Affected versions