2 results (0.005 seconds)

CVSS: 7.5EPSS: 0%CPEs: 47EXPL: 0

CVE-2025-20210 – Cisco Catalyst Center Unprotected API Endpoint

https://notcve.org/view.php?id=CVE-2025-20210

07 May 2025 — A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint. An attacker could exploit this vulnerability by sending a request to the affected API of a Catalyst Center device. A successful exploit could allow the attacker to view or modify the outgoing proxy configuration, which could disrupt in... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-api-nBPZcJCM • CWE-306: Missing Authentication for Critical Function •

CVSS: 7.6EPSS: 0%CPEs: 46EXPL: 0

CVE-2024-20350 – Cisco Catalyst Center Static SSH Host Key Vulnerability

https://notcve.org/view.php?id=CVE-2024-20350

25 Sep 2024 — A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections, which could allow the attacker to intercept traffic between SSH clients and a Cisco Catalyst Center appliance. A successful exploit could allow the a... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ssh-e4uOdASj • CWE-321: Use of Hard-coded Cryptographic Key •