CVSS: 7.6EPSS: 0%CPEs: 46EXPL: 0CVE-2024-20350 – Cisco Catalyst Center Static SSH Host Key Vulnerability
https://notcve.org/view.php?id=CVE-2024-20350
25 Sep 2024 — A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections, which could allow the attacker to intercept traffic between SSH clients and a Cisco Catalyst Center appliance. A successful exploit could allow the a... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ssh-e4uOdASj • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0CVE-2024-20333
https://notcve.org/view.php?id=CVE-2024-20333
27 Mar 2024 — A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to change a specific field within the web-based management interface, even... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccc-authz-bypass-5EKchJRb • CWE-285: Improper Authorization •