CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20223
https://notcve.org/view.php?id=CVE-2023-20223
A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device. Una vulnerabilidad en Cisco DNA Center podría permitir que un atacante remoto no autenticado lea y modifique datos en un repositorio que pertenece a un servicio interno en un dispositivo afectado. Esta vulnerabilidad se debe a una aplicación insuficiente del control de acceso en las solicitudes de API. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ins-acc-con-nHAVDRBZ • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20184 – Cisco DNA Center Software API Vulnerabilities
https://notcve.org/view.php?id=CVE-2023-20184
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-multiple-kTQkGU3 • CWE-285: Improper Authorization CWE-552: Files or Directories Accessible to External Parties •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-20182 – Cisco DNA Center Software API Vulnerabilities
https://notcve.org/view.php?id=CVE-2023-20182
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-multiple-kTQkGU3 • CWE-20: Improper Input Validation CWE-285: Improper Authorization •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-20183 – Cisco DNA Center Software API Vulnerabilities
https://notcve.org/view.php?id=CVE-2023-20183
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-multiple-kTQkGU3 • CWE-285: Improper Authorization CWE-552: Files or Directories Accessible to External Parties •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-20055 – Cisco DNA Center Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-20055
A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive information. An attacker could exploit this vulnerability by inspecting the responses from the API. Under certain circumstances, a successful exploit could allow the attacker to access the API with the privileges of a higher-level user account. To successfully exploit this vulnerability, the attacker would need at least valid Observer credentials. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-privesc-QFXe74RS • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •