CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0CVE-2024-20333
https://notcve.org/view.php?id=CVE-2024-20333
A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to change a specific field within the web-based management interface, even though they should not have access to change that field. Una vulnerabilidad en la interfaz de administración basada en web de Cisco Catalyst Center, anteriormente Cisco DNA Center, podría permitir que un atacante remoto autenticado cambie datos específicos dentro de la interfaz de un dispositivo afectado. Esta vulnerabilidad se debe a una aplicación insuficiente de la autorización. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccc-authz-bypass-5EKchJRb • CWE-285: Improper Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3391 – Cisco Digital Network Architecture Center Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3391
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to insecure storage of certain unencrypted credentials on an affected device. An attacker could exploit this vulnerability by viewing the network device configuration and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices. Una vulnerabilidad en Cisco Digital Network Architecture (DNA) Center, podría permitir a un atacante remoto autenticado visualizar información confidencial en texto sin cifrar. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-info-disc-6xsCyDYy • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3281 – Cisco Digital Network Architecture Center Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3281
A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices. Una vulnerabilidad en el componente audit logging de Cisco Digital Network Architecture (DNA) Center, podría permitir a un atacante remoto autenticado visualizar información confidencial en texto sin cifrar. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-audit-log-59RBdwb6 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1848 – Cisco DNA Center Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2019-1848
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could exploit this vulnerability by connecting an unauthorized network device to the subnet designated for cluster services. A successful exploit could allow an attacker to reach internal services that are not hardened for external access. Una vulnerabilidad en Digital Network Architecture (DNA) Center de Cisco podría permitir a un atacante adyacente no autenticado omitir la autenticación y acceder a servicios internos críticos. • http://www.securityfocus.com/bid/108837 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-dnac-bypass • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1675 – Cisco Aironet Active Sensor Static Credentials Vulnerability
https://notcve.org/view.php?id=CVE-2019-1675
A vulnerability in the default configuration of the Cisco Aironet Active Sensor could allow an unauthenticated, remote attacker to restart the sensor. The vulnerability is due to a default local account with a static password. The account has privileges only to reboot the device. An attacker could exploit this vulnerability by guessing the account name and password to access the CLI. A successful exploit could allow the attacker to reboot the device repeatedly, creating a denial of service (DoS) condition. • http://www.securityfocus.com/bid/106944 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-aas-creds • CWE-798: Use of Hard-coded Credentials •