CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0CVE-2024-20333
https://notcve.org/view.php?id=CVE-2024-20333
A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to change a specific field within the web-based management interface, even though they should not have access to change that field. Una vulnerabilidad en la interfaz de administración basada en web de Cisco Catalyst Center, anteriormente Cisco DNA Center, podría permitir que un atacante remoto autenticado cambie datos específicos dentro de la interfaz de un dispositivo afectado. Esta vulnerabilidad se debe a una aplicación insuficiente de la autorización. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccc-authz-bypass-5EKchJRb • CWE-285: Improper Authorization •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20223
https://notcve.org/view.php?id=CVE-2023-20223
A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device. Una vulnerabilidad en Cisco DNA Center podría permitir que un atacante remoto no autenticado lea y modifique datos en un repositorio que pertenece a un servicio interno en un dispositivo afectado. Esta vulnerabilidad se debe a una aplicación insuficiente del control de acceso en las solicitudes de API. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ins-acc-con-nHAVDRBZ • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20184 – Cisco DNA Center Software API Vulnerabilities
https://notcve.org/view.php?id=CVE-2023-20184
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-multiple-kTQkGU3 • CWE-285: Improper Authorization CWE-552: Files or Directories Accessible to External Parties •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-20182 – Cisco DNA Center Software API Vulnerabilities
https://notcve.org/view.php?id=CVE-2023-20182
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-multiple-kTQkGU3 • CWE-20: Improper Input Validation CWE-285: Improper Authorization •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-20183 – Cisco DNA Center Software API Vulnerabilities
https://notcve.org/view.php?id=CVE-2023-20183
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-multiple-kTQkGU3 • CWE-285: Improper Authorization CWE-552: Files or Directories Accessible to External Parties •