CVE-2023-20182 MEDIUM

CVE-2023-20182: Cisco DNA Center Software API Vulnerabilities

Vendor Cisco
Product Cisco Digital Network Architecture Center (DNA Center)
Weakness CWE-285
Published May 18, 2023
Last update October 25, 2024
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory.

Key dates

02Disclosure timeline

May 18, 2023 CVE published
October 25, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-41137 Bypassing policy restrictions on regular users CVE-2022-2536 Transposh WordPress Translation <= 1.0.9.6 - Authorization Bypass CVE-2026-47298 Microsoft SharePoint Server Remote Code Execution Vulnerability CVE-2025-4654 Soumettre.fr <= 2.1.5 - Improper Authorization to Unauthenticated Soumettre Posts Creation/Modification/Deletion CVE-2026-40259 SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via removeUnusedAttributeView API