CVE-2024-20350 HIGH

CVE-2024-20350: Cisco Catalyst Center Static SSH Host Key Vulnerability

Vendor Cisco
Product Cisco Digital Network Architecture Center (DNA Center)
Weakness CWE-321
Published September 25, 2024
Last update September 27, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections, which could allow the attacker to intercept traffic between SSH clients and a Cisco Catalyst Center appliance. A successful exploit could allow the attacker to impersonate the affected appliance, inject commands into the terminal session, and steal valid user credentials.

Key dates

02Disclosure timeline

September 25, 2024 CVE published
September 27, 2024 Record updated