Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for Catalyst Center by Cisco

    CERTFR-2025-AVI-1006

    Vulnerability from certfr_avis - Published: 2025-11-14 - Updated: 2025-11-14

    Une vulnérabilité a été découverte dans Cisco Catalyst Center. Elle permet à un attaquant de provoquer une élévation de privilèges.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Cisco Catalyst Center Catalyst Center versions ultérieures à 2.3.7.3-VA et antérieures à 2.3.7.10-VA sur VMware ESXi
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Catalyst Center versions ult\u00e9rieures \u00e0 2.3.7.3-VA et ant\u00e9rieures \u00e0 2.3.7.10-VA sur VMware ESXi",
          "product": {
            "name": "Catalyst Center",
            "vendor": {
              "name": "Cisco",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-20341",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20341"
        }
      ],
      "initial_release_date": "2025-11-14T00:00:00",
      "last_revision_date": "2025-11-14T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-1006",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-11-14T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Cisco Catalyst Center. Elle permet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.",
      "title": "Vuln\u00e9rabilit\u00e9 dans Cisco Catalyst Center",
      "vendor_advisories": [
        {
          "published_at": "2025-11-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-catc-priv-esc-VS8EeCuX",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-priv-esc-VS8EeCuX"
        }
      ]
    }

    CERTFR-2025-AVI-0378

    Vulnerability from certfr_avis - Published: 2025-05-09 - Updated: 2025-05-09

    De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Cisco Catalyst Center Catalyst Center versions antérieures à 2.3.7.9
    Cisco Catalyst SD-WAN Catalyst SD-WAN Manager versions 20.13.x, 20.14.x et 20.15.x antérieures à 20.15.2
    Cisco Catalyst SD-WAN Catalyst SD-WAN Manager versions 20.16.x antérieures à 20.16.1
    Cisco IOS XR IOS XR versions antérieures à 24.3.2
    Cisco WLC AireOS WLC AireOS versions antérieures à 8.10.196.0
    Cisco Catalyst SD-WAN Catalyst SD-WAN Manager versions antérieures à 20.9.7
    Cisco IOS XE IOS XE : Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des configurations vulnérables des équipements (cf. section Documentation).
    Cisco Catalyst SD-WAN Catalyst SD-WAN Manager versions 20.10.x, 20.11.x et 20.12.x antérieures à 20.12.5

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Catalyst Center versions ant\u00e9rieures \u00e0 2.3.7.9",
          "product": {
            "name": "Catalyst Center",
            "vendor": {
              "name": "Cisco",
              "scada": false
            }
          }
        },
        {
          "description": "Catalyst SD-WAN Manager versions 20.13.x, 20.14.x et 20.15.x  ant\u00e9rieures \u00e0 20.15.2",
          "product": {
            "name": "Catalyst SD-WAN",
            "vendor": {
              "name": "Cisco",
              "scada": false
            }
          }
        },
        {
          "description": "Catalyst SD-WAN Manager versions 20.16.x ant\u00e9rieures \u00e0 20.16.1",
          "product": {
            "name": "Catalyst SD-WAN",
            "vendor": {
              "name": "Cisco",
              "scada": false
            }
          }
        },
        {
          "description": "IOS XR  versions ant\u00e9rieures \u00e0 24.3.2",
          "product": {
            "name": "IOS XR",
            "vendor": {
              "name": "Cisco",
              "scada": false
            }
          }
        },
        {
          "description": "WLC AireOS versions ant\u00e9rieures \u00e0 8.10.196.0",
          "product": {
            "name": "WLC AireOS",
            "vendor": {
              "name": "Cisco",
              "scada": false
            }
          }
        },
        {
          "description": "Catalyst SD-WAN Manager versions ant\u00e9rieures \u00e0 20.9.7",
          "product": {
            "name": "Catalyst SD-WAN",
            "vendor": {
              "name": "Cisco",
              "scada": false
            }
          }
        },
        {
          "description": "IOS XE : Se r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des configurations vuln\u00e9rables des \u00e9quipements (cf. section Documentation).",
          "product": {
            "name": "IOS XE",
            "vendor": {
              "name": "Cisco",
              "scada": false
            }
          }
        },
        {
          "description": "Catalyst SD-WAN Manager versions 20.10.x, 20.11.x et 20.12.x ant\u00e9rieures \u00e0 20.12.5",
          "product": {
            "name": "Catalyst SD-WAN",
            "vendor": {
              "name": "Cisco",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-20189",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20189"
        },
        {
          "name": "CVE-2025-20192",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20192"
        },
        {
          "name": "CVE-2025-20199",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20199"
        },
        {
          "name": "CVE-2025-20191",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20191"
        },
        {
          "name": "CVE-2025-20188",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20188"
        },
        {
          "name": "CVE-2025-20198",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20198"
        },
        {
          "name": "CVE-2025-20181",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20181"
        },
        {
          "name": "CVE-2025-20122",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20122"
        },
        {
          "name": "CVE-2025-20202",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20202"
        },
        {
          "name": "CVE-2025-20210",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20210"
        },
        {
          "name": "CVE-2025-20162",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20162"
        },
        {
          "name": "CVE-2025-20200",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20200"
        },
        {
          "name": "CVE-2025-20154",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20154"
        },
        {
          "name": "CVE-2025-20140",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20140"
        },
        {
          "name": "CVE-2025-20201",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20201"
        },
        {
          "name": "CVE-2025-20186",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20186"
        },
        {
          "name": "CVE-2025-20182",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20182"
        },
        {
          "name": "CVE-2025-20197",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20197"
        },
        {
          "name": "CVE-2025-20164",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20164"
        }
      ],
      "initial_release_date": "2025-05-09T00:00:00",
      "last_revision_date": "2025-05-09T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0378",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-05-09T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
      "vendor_advisories": [
        {
          "published_at": "2025-05-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-ikev1-dos-XHk3HzFC",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ikev1-dos-XHk3HzFC"
        },
        {
          "published_at": "2025-05-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-twamp-kV4FHugn",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-twamp-kV4FHugn"
        },
        {
          "published_at": "2025-05-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-privesc-su7scvdp",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-privesc-su7scvdp"
        },
        {
          "published_at": "2025-05-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sisf-dos-ZGwt4DdY",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sisf-dos-ZGwt4DdY"
        },
        {
          "published_at": "2025-05-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-webui-cmdinj-gVn3OKNC",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-gVn3OKNC"
        },
        {
          "published_at": "2025-05-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-http-privesc-wCRd5e3",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-privesc-wCRd5e3"
        },
        {
          "published_at": "2025-05-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-asr903-rsp3-arp-dos-WmfzdvJZ",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr903-rsp3-arp-dos-WmfzdvJZ"
        },
        {
          "published_at": "2025-05-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ewlc-cdp-dos-fpeks9K",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-cdp-dos-fpeks9K"
        },
        {
          "published_at": "2025-05-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-wlc-wncd-p6Gvt6HL",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-wncd-p6Gvt6HL"
        },
        {
          "published_at": "2025-05-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-dnac-api-nBPZcJCM",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-api-nBPZcJCM"
        },
        {
          "published_at": "2025-05-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-c2960-3560-sboot-ZtqADrHq",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c2960-3560-sboot-ZtqADrHq"
        },
        {
          "published_at": "2025-05-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-multiprod-ikev2-dos-gPctUqv2",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multiprod-ikev2-dos-gPctUqv2"
        },
        {
          "published_at": "2025-05-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sdwan-priviesc-WCk7bmmt",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-priviesc-WCk7bmmt"
        },
        {
          "published_at": "2025-05-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-wlc-file-uplpd-rHZG9UfC",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC"
        },
        {
          "published_at": "2025-05-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-dhcpsn-dos-xBn8Mtks",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-dhcpsn-dos-xBn8Mtks"
        }
      ]
    }

    CERTFR-2024-AVI-0813

    Vulnerability from certfr_avis - Published: 2024-09-26 - Updated: 2024-09-26

    De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une injection de requêtes illégitimes par rebond (CSRF) et un contournement de la politique de sécurité.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    L'éditeur indique que les versions 2.3.6.x de Catalyst Center sont également affectées par la vulnérabilité CVE-2024-20350 mais ne bénéficieront pas d'un correctif de sécurité.

    Impacted products
    Vendor Product Description
    Cisco IOS IOs avec la fonctionnalité RSVP activée sans les derniers correctifs de sécurité (se référer au site de l'éditeur pour les versions affectées)
    Cisco Catalyst SD-WAN 1000 Series Integrated Services Routers (ISRs), Catalyst 8000v Edge Software, Catalyst 8200 Series Edge Platforms, Catalyst 8300 Series Edge Platforms, Catalyst 8500L Edge Platforms, Catalyst IR8300 Rugged Series Routers avec la fonctionnalité UTD installée et activée, avec des tunnels SD-WAN configurés pour utiliser IPSec et sans les derniers correctifs de sécurité
    Cisco Catalyst Center Catalyst Center versions 2.3.7.x antérieures à 2.3.7.5
    Cisco IOS XE IOS XE sans les derniers correctifs de sécurité (se référer au site de l'éditeur pour les versions affectées)
    Cisco Catalyst Center Catalyst Center versions antérieures à 2.3.5.6

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "IOs avec la fonctionnalit\u00e9 RSVP activ\u00e9e sans les derniers correctifs de s\u00e9curit\u00e9 (se r\u00e9f\u00e9rer au site de l\u0027\u00e9diteur pour les versions affect\u00e9es)",
          "product": {
            "name": "IOS",
            "vendor": {
              "name": "Cisco",
              "scada": false
            }
          }
        },
        {
          "description": "1000 Series Integrated Services Routers (ISRs), Catalyst 8000v Edge Software, Catalyst 8200 Series Edge Platforms, Catalyst 8300 Series Edge Platforms, Catalyst 8500L Edge Platforms, Catalyst IR8300 Rugged Series Routers avec la fonctionnalit\u00e9 UTD install\u00e9e et activ\u00e9e, avec des tunnels SD-WAN configur\u00e9s pour utiliser IPSec et sans les derniers correctifs de s\u00e9curit\u00e9",
          "product": {
            "name": "Catalyst SD-WAN",
            "vendor": {
              "name": "Cisco",
              "scada": false
            }
          }
        },
        {
          "description": "Catalyst Center versions 2.3.7.x ant\u00e9rieures \u00e0 2.3.7.5",
          "product": {
            "name": "Catalyst Center",
            "vendor": {
              "name": "Cisco",
              "scada": false
            }
          }
        },
        {
          "description": "IOS XE sans les derniers correctifs de s\u00e9curit\u00e9 (se r\u00e9f\u00e9rer au site de l\u0027\u00e9diteur pour les versions affect\u00e9es)",
          "product": {
            "name": "IOS XE",
            "vendor": {
              "name": "Cisco",
              "scada": false
            }
          }
        },
        {
          "description": "Catalyst Center versions ant\u00e9rieures \u00e0 2.3.5.6",
          "product": {
            "name": "Catalyst Center",
            "vendor": {
              "name": "Cisco",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "L\u0027\u00e9diteur indique que les versions 2.3.6.x de Catalyst Center sont \u00e9galement affect\u00e9es par la vuln\u00e9rabilit\u00e9 CVE-2024-20350 mais ne b\u00e9n\u00e9ficieront pas d\u0027un correctif de s\u00e9curit\u00e9. ",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-20480",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20480"
        },
        {
          "name": "CVE-2024-20437",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20437"
        },
        {
          "name": "CVE-2024-20455",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20455"
        },
        {
          "name": "CVE-2024-20350",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20350"
        },
        {
          "name": "CVE-2024-20464",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20464"
        },
        {
          "name": "CVE-2024-20436",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20436"
        },
        {
          "name": "CVE-2024-20433",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20433"
        },
        {
          "name": "CVE-2024-20467",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20467"
        }
      ],
      "initial_release_date": "2024-09-26T00:00:00",
      "last_revision_date": "2024-09-26T00:00:00",
      "links": [],
      "reference": "CERTFR-2024-AVI-0813",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-09-26T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF) et un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
      "vendor_advisories": [
        {
          "published_at": "2024-09-25",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-webui-csrf-ycUYxkKO",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-csrf-ycUYxkKO"
        },
        {
          "published_at": "2024-09-25",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-pim-APbVfySJ",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pim-APbVfySJ"
        },
        {
          "published_at": "2024-09-25",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-dnac-ssh-e4uOdASj",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ssh-e4uOdASj"
        },
        {
          "published_at": "2024-09-25",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-rsvp-dos-OypvgVZf",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rsvp-dos-OypvgVZf"
        },
        {
          "published_at": "2024-09-25",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-xe-sda-edge-dos-MBcbG9k",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sda-edge-dos-MBcbG9k"
        },
        {
          "published_at": "2024-09-25",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sdwan-utd-dos-hDATqxs",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-utd-dos-hDATqxs"
        },
        {
          "published_at": "2024-09-25",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-httpsrvr-dos-yOZThut",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-httpsrvr-dos-yOZThut"
        },
        {
          "published_at": "2024-09-25",
          "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cpp-vfr-dos-nhHKGgO",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpp-vfr-dos-nhHKGgO"
        }
      ]
    }

    VAR-201903-0358

    Vulnerability from variot - Updated: 2025-07-25 00:00

    A vulnerability in the web-based management interface of Cisco DNA Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco DNA Center versions prior to 1.2.5 are affected. Cisco DNA Center Access Contract is prone to an HTML-injection vulnerability because it fails to sanitize user-supplied input. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvk51466. The solution scales and protects devices, applications, and more within the network

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0358",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "catalyst center",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.5"
          },
          {
            "model": "dna center",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "1.2.5"
          },
          {
            "model": "dna center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "107315"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002396"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1707"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:cisco:dna_center",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002396"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "107315"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-205"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2019-1707",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2019-1707",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-149279",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "id": "CVE-2019-1707",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 2.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-1707",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@cisco.com",
                "id": "CVE-2019-1707",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-1707",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201903-205",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-149279",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-149279"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002396"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-205"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1707"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1707"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the web-based management interface of Cisco DNA Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco DNA Center versions prior to 1.2.5 are affected. Cisco DNA Center Access Contract is prone to an HTML-injection vulnerability because it fails to sanitize user-supplied input. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nThis issue is being tracked by Cisco Bug ID CSCvk51466. The solution scales and protects devices, applications, and more within the network",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-1707"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002396"
          },
          {
            "db": "BID",
            "id": "107315"
          },
          {
            "db": "VULHUB",
            "id": "VHN-149279"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-1707",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "107315",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002396",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-205",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.0712",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-149279",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-149279"
          },
          {
            "db": "BID",
            "id": "107315"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002396"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-205"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1707"
          }
        ]
      },
      "id": "VAR-201903-0358",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-149279"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-07-25T00:00:05.820000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20190306-dna-xss",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-dna-xss"
          },
          {
            "title": "Cisco Digital Network Architecture Center Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89875"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002396"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-205"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-149279"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002396"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1707"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/107315"
          },
          {
            "trust": 2.0,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190306-dna-xss"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1707"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1707"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/76626"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-149279"
          },
          {
            "db": "BID",
            "id": "107315"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002396"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-205"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1707"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-149279"
          },
          {
            "db": "BID",
            "id": "107315"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002396"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-205"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1707"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-03-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-149279"
          },
          {
            "date": "2019-03-06T00:00:00",
            "db": "BID",
            "id": "107315"
          },
          {
            "date": "2019-04-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-002396"
          },
          {
            "date": "2019-03-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201903-205"
          },
          {
            "date": "2019-03-11T21:29:01.170000",
            "db": "NVD",
            "id": "CVE-2019-1707"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-149279"
          },
          {
            "date": "2019-03-06T00:00:00",
            "db": "BID",
            "id": "107315"
          },
          {
            "date": "2019-04-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-002396"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201903-205"
          },
          {
            "date": "2025-07-23T15:26:38.713000",
            "db": "NVD",
            "id": "CVE-2019-1707"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-205"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco DNA Center Vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002396"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-205"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202202-1098

    Vulnerability from variot - Updated: 2025-07-24 23:59

    A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploit this vulnerability by accessing the audit logs through the CLI. A successful exploit could allow the attacker to retrieve sensitive information that includes user credentials

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202202-1098",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "catalyst center",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.1.2.0"
          },
          {
            "model": "catalyst center",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.2.2.8"
          },
          {
            "model": "catalyst center",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.2.3.0"
          },
          {
            "model": "catalyst center",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.2.3.4"
          },
          {
            "model": "cisco dna center",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "cisco dna center",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004919"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-20630"
          }
        ]
      },
      "cve": "CVE-2022-20630",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-20630",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.9,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-405183",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.8,
                "id": "CVE-2022-20630",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-20630",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-20630",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@cisco.com",
                "id": "CVE-2022-20630",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-20630",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202202-119",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-405183",
                "trust": 0.1,
                "value": "LOW"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-20630",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-405183"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-20630"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004919"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-119"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-20630"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-20630"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploit this vulnerability by accessing the audit logs through the CLI. A successful exploit could allow the attacker to retrieve sensitive information that includes user credentials",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-20630"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004919"
          },
          {
            "db": "VULHUB",
            "id": "VHN-405183"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-20630"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-20630",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004919",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2022020209",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-119",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-405183",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-20630",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-405183"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-20630"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004919"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-119"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-20630"
          }
        ]
      },
      "id": "VAR-202202-1098",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-405183"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-07-24T23:59:38.937000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-dnac-info-disc-8QEynKEj",
            "trust": 0.8,
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-info-disc-8QEynKEj"
          },
          {
            "title": "Cisco DNA Center Repair measures for log information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180213"
          },
          {
            "title": "Cisco: Cisco DNA Center Information Disclosure Vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-dnac-info-disc-8QEynKEj"
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-23305 "
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-RCE "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-20630"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004919"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-119"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-532",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-200",
            "trust": 1.0
          },
          {
            "problemtype": "Information leakage from log files (CWE-532) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-405183"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004919"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-20630"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.9,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dnac-info-disc-8qeynkej"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-20630"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022020209"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/532.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-23305"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-405183"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-20630"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004919"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-119"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-20630"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-405183"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-20630"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004919"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-119"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-20630"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-405183"
          },
          {
            "date": "2022-02-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-20630"
          },
          {
            "date": "2023-05-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004919"
          },
          {
            "date": "2022-02-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202202-119"
          },
          {
            "date": "2022-02-10T18:15:08.860000",
            "db": "NVD",
            "id": "CVE-2022-20630"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-405183"
          },
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-20630"
          },
          {
            "date": "2023-05-11T07:09:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-004919"
          },
          {
            "date": "2022-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202202-119"
          },
          {
            "date": "2025-07-23T15:26:38.713000",
            "db": "NVD",
            "id": "CVE-2022-20630"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-119"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco\u00a0DNA\u00a0Center\u00a0 Vulnerability regarding information leakage from log files in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-004919"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "log information leak",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-119"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202110-0203

    Vulnerability from variot - Updated: 2025-07-24 23:54

    A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An attacker could exploit the vulnerability by sending a specific API request to an affected application. A successful exploit could allow the attacker to obtain sensitive information about other users who are configured with higher privileges on the application

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202110-0203",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "catalyst center",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.2.3.0"
          },
          {
            "model": "catalyst center",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.2.3.3"
          },
          {
            "model": "catalyst center",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.2.2.5"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-34782"
          }
        ]
      },
      "cve": "CVE-2021-34782",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-34782",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-395024",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-34782",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-34782",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@cisco.com",
                "id": "CVE-2021-34782",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202110-289",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-395024",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-34782",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-395024"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34782"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202110-289"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34782"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34782"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An attacker could exploit the vulnerability by sending a specific API request to an affected application. A successful exploit could allow the attacker to obtain sensitive information about other users who are configured with higher privileges on the application",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-34782"
          },
          {
            "db": "VULHUB",
            "id": "VHN-395024"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34782"
          }
        ],
        "trust": 1.08
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-34782",
            "trust": 1.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3313",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021100712",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202110-289",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-395024",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34782",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-395024"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34782"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202110-289"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34782"
          }
        ]
      },
      "id": "VAR-202110-0203",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-395024"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-07-24T23:54:47.696000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Cisco DNA Center Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=165852"
          },
          {
            "title": "Cisco: Cisco DNA Center Information Disclosure Vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-dnac-infodisc-KyC6YncS"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-34782"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202110-289"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-202",
            "trust": 1.0
          },
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-34782"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dnac-infodisc-kyc6yncs"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021100712"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3313"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34782"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-395024"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34782"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202110-289"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34782"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-395024"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34782"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202110-289"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34782"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-10-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-395024"
          },
          {
            "date": "2021-10-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-34782"
          },
          {
            "date": "2021-10-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202110-289"
          },
          {
            "date": "2021-10-06T20:15:18.677000",
            "db": "NVD",
            "id": "CVE-2021-34782"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-10-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-395024"
          },
          {
            "date": "2021-10-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-34782"
          },
          {
            "date": "2021-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202110-289"
          },
          {
            "date": "2025-07-23T15:26:38.713000",
            "db": "NVD",
            "id": "CVE-2021-34782"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202110-289"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco DNA Center Security hole",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202110-289"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202110-289"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-0745

    Vulnerability from variot - Updated: 2025-07-24 23:52

    A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need to have administrative credentials on the affected device. Cisco DNA Center is a network management and command center service of Cisco (Cisco)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0745",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "catalyst center",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.2.1.0"
          },
          {
            "model": "cisco dna center",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002585"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1130"
          }
        ]
      },
      "cve": "CVE-2021-1130",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2021-1130",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-374184",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2021-1130",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2021-1130",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-1130",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@cisco.com",
                "id": "CVE-2021-1130",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-1130",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-1037",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-374184",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374184"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002585"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1037"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1130"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1130"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need to have administrative credentials on the affected device. Cisco DNA Center is a network management and command center service of Cisco (Cisco)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-1130"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002585"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374184"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-1130",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002585",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0151",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1037",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-374184",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374184"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002585"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1037"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1130"
          }
        ]
      },
      "id": "VAR-202101-0745",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374184"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-07-24T23:52:01.054000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-dnac-xss-HfV73cS3",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-xss-HfV73cS3"
          },
          {
            "title": "Cisco DNA Center Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139139"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002585"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1037"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.1
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374184"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002585"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1130"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dnac-xss-hfv73cs3"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1130"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0151/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374184"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002585"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1037"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1130"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-374184"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002585"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1037"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1130"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374184"
          },
          {
            "date": "2021-09-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002585"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1037"
          },
          {
            "date": "2021-01-13T22:15:14.473000",
            "db": "NVD",
            "id": "CVE-2021-1130"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374184"
          },
          {
            "date": "2021-09-27T06:46:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002585"
          },
          {
            "date": "2021-01-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1037"
          },
          {
            "date": "2025-07-23T15:26:38.713000",
            "db": "NVD",
            "id": "CVE-2021-1130"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1037"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco\u00a0DNA\u00a0Center\u00a0 Cross-site scripting vulnerabilities in software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002585"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1037"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201904-0432

    Vulnerability from variot - Updated: 2025-07-24 23:48

    A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending arbitrary HTTP requests to internal services. An exploit could allow the attacker to bypass any firewall or other protections to access unauthorized internal services. DNAC versions prior to 1.2.5 are affected. Cisco DNA Center Contains an input validation vulnerability.Information may be obtained and information may be altered. Cisco DNA Center Software is prone to a access-bypass vulnerability. This issue is being tracked by Cisco Bug CSCvj93985. The solution scales and protects devices, applications, and more within the network

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0432",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "catalyst center",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.5"
          },
          {
            "model": "dna center",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "1.2.5"
          },
          {
            "model": "dna center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "108084"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003527"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1841"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:cisco:dna_center",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003527"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "108084"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2019-1841",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-1841",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-150753",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-1841",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "psirt@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2019-1841",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-1841",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@cisco.com",
                "id": "CVE-2019-1841",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-1841",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201904-840",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-150753",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-150753"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003527"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-840"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1841"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1841"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending arbitrary HTTP requests to internal services. An exploit could allow the attacker to bypass any firewall or other protections to access unauthorized internal services. DNAC versions prior to 1.2.5 are affected. Cisco DNA Center Contains an input validation vulnerability.Information may be obtained and information may be altered. Cisco DNA Center Software is prone to a access-bypass vulnerability. \nThis issue is being tracked by Cisco Bug CSCvj93985. The solution scales and protects devices, applications, and more within the network",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-1841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003527"
          },
          {
            "db": "BID",
            "id": "108084"
          },
          {
            "db": "VULHUB",
            "id": "VHN-150753"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-1841",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "108084",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003527",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-840",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.1335",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-150753",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-150753"
          },
          {
            "db": "BID",
            "id": "108084"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003527"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-840"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1841"
          }
        ]
      },
      "id": "VAR-201904-0432",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-150753"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-07-24T23:48:49.721000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20190417-swim-proxy",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-swim-proxy"
          },
          {
            "title": "Cisco Digital Network Architecture Center Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91674"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003527"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-840"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-441",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-150753"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003527"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1841"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/108084"
          },
          {
            "trust": 2.0,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190417-swim-proxy"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1841"
          },
          {
            "trust": 0.9,
            "url": "http://www.cisco.com/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1841"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/79314"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-150753"
          },
          {
            "db": "BID",
            "id": "108084"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003527"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-840"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1841"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-150753"
          },
          {
            "db": "BID",
            "id": "108084"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003527"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-840"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1841"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-150753"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "BID",
            "id": "108084"
          },
          {
            "date": "2019-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-003527"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-840"
          },
          {
            "date": "2019-04-18T02:29:06.123000",
            "db": "NVD",
            "id": "CVE-2019-1841"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-150753"
          },
          {
            "date": "2019-04-17T00:00:00",
            "db": "BID",
            "id": "108084"
          },
          {
            "date": "2019-05-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-003527"
          },
          {
            "date": "2019-05-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-840"
          },
          {
            "date": "2025-07-23T15:26:38.713000",
            "db": "NVD",
            "id": "CVE-2019-1841"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-840"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco DNA Center Input validation vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-003527"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input Validation Error",
        "sources": [
          {
            "db": "BID",
            "id": "108084"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-840"
          }
        ],
        "trust": 0.9
      }
    }

    VAR-202008-0797

    Vulnerability from variot - Updated: 2025-07-24 23:40

    A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files. The solution scales and protects devices, applications, and more within the network

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202008-0797",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "catalyst center",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3"
          },
          {
            "model": "catalyst center",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.4"
          },
          {
            "model": "dna center",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009583"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3411"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:cisco:dna_center",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009583"
          }
        ]
      },
      "cve": "CVE-2020-3411",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-3411",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-009583",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-181536",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-3411",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "psirt@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-3411",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-009583",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-3411",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@cisco.com",
                "id": "CVE-2020-3411",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-009583",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202008-176",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-181536",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-181536"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009583"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-176"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3411"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3411"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files. The solution scales and protects devices, applications, and more within the network",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-3411"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009583"
          },
          {
            "db": "VULHUB",
            "id": "VHN-181536"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-3411",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009583",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-176",
            "trust": 0.7
          },
          {
            "db": "NSFOCUS",
            "id": "48349",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2700",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-47592",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-181536",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-181536"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009583"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-176"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3411"
          }
        ]
      },
      "id": "VAR-202008-0797",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-181536"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-07-24T23:40:49.615000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-dna-info-disc-3bz8BCgR",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dna-info-disc-3bz8BCgR"
          },
          {
            "title": "Cisco Digital Network Architecture Center Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125515"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009583"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-176"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-287",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-181536"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009583"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3411"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dna-info-disc-3bz8bcgr"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3411"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3411"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/48349"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2700/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-181536"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009583"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-176"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3411"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-181536"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009583"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-176"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3411"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-181536"
          },
          {
            "date": "2020-11-18T08:21:24",
            "db": "JVNDB",
            "id": "JVNDB-2020-009583"
          },
          {
            "date": "2020-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202008-176"
          },
          {
            "date": "2020-08-17T18:15:12.680000",
            "db": "NVD",
            "id": "CVE-2020-3411"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-08-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-181536"
          },
          {
            "date": "2020-11-18T08:21:24",
            "db": "JVNDB",
            "id": "JVNDB-2020-009583"
          },
          {
            "date": "2021-08-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202008-176"
          },
          {
            "date": "2025-07-23T15:26:38.713000",
            "db": "NVD",
            "id": "CVE-2020-3411"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-176"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco DNA Center Vulnerability regarding information leakage in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009583"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-176"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-0459

    Vulnerability from variot - Updated: 2025-07-24 23:40

    A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker needs administrator credentials. This vulnerability affects Cisco DNA Center Software releases earlier than 1.3.0.6 and 1.3.1.4. The solution scales and protects devices, applications, and more within the network

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0459",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "catalyst center",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.0.6"
          },
          {
            "model": "catalyst center",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.0"
          },
          {
            "model": "catalyst center",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.4"
          },
          {
            "model": "dna center",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "1.3.0.6"
          },
          {
            "model": "dna center",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "1.3.1.4"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014489"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15253"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:cisco:dna_center",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014489"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dylan Garnaud, Benoit Malaboeuf",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-126"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-15253",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2019-15253",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.1,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014489",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-147281",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2019-15253",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "psirt@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "id": "CVE-2019-15253",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014489",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-15253",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@cisco.com",
                "id": "CVE-2019-15253",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014489",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-126",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-147281",
                "trust": 0.1,
                "value": "LOW"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-15253",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-147281"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014489"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-126"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15253"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15253"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker needs administrator credentials. This vulnerability affects Cisco DNA Center Software releases earlier than 1.3.0.6 and 1.3.1.4. The solution scales and protects devices, applications, and more within the network",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-15253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014489"
          },
          {
            "db": "VULHUB",
            "id": "VHN-147281"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15253"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-15253",
            "trust": 2.6
          },
          {
            "db": "PACKETSTORM",
            "id": "157668",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014489",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-126",
            "trust": 0.7
          },
          {
            "db": "EXPLOIT-DB",
            "id": "48459",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0452",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04518",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-147281",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15253",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-147281"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014489"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-126"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15253"
          }
        ]
      },
      "id": "VAR-202002-0459",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-147281"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-07-24T23:40:47.417000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20190205-dnac-xss",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190205-dnac-xss"
          },
          {
            "title": "Cisco Digital Network Architecture Center Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=109343"
          },
          {
            "title": "Cisco: Cisco Digital Network Architecture Center Stored Cross-Site Scripting Vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20190205-dnac-xss"
          },
          {
            "title": "CVE-repository",
            "trust": 0.1,
            "url": "https://github.com/Orange-Cyberdefense/CVE-repository "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Transmetal/CVE-repository-master "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-15253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014489"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-126"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-147281"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014489"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15253"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.9,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190205-dnac-xss"
          },
          {
            "trust": 1.8,
            "url": "http://packetstormsecurity.com/files/157668/cisco-digital-network-architecture-center-1.3.1.4-cross-site-scripting.html"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15253"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15253"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0452/"
          },
          {
            "trust": 0.6,
            "url": "https://www.exploit-db.com/exploits/48459"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/orange-cyberdefense/cve-repository"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-147281"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014489"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-126"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15253"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-147281"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-15253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014489"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-126"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-15253"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-147281"
          },
          {
            "date": "2020-02-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-15253"
          },
          {
            "date": "2020-02-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014489"
          },
          {
            "date": "2020-02-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-126"
          },
          {
            "date": "2020-02-05T18:15:10.533000",
            "db": "NVD",
            "id": "CVE-2019-15253"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-147281"
          },
          {
            "date": "2021-12-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-15253"
          },
          {
            "date": "2020-02-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014489"
          },
          {
            "date": "2020-05-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-126"
          },
          {
            "date": "2025-07-23T15:26:38.713000",
            "db": "NVD",
            "id": "CVE-2019-15253"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-126"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco Digital Network Architecture Center Cross-site scripting vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014489"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-126"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202008-0819

    Vulnerability from variot - Updated: 2025-07-24 23:35

    Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerabilities exist because the web-based management interface on an affected device does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco DNA Center The software contains a cross-site scripting vulnerability.Information may be obtained and tampered with

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202008-0819",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "catalyst center",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "dna center",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010459"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3466"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:cisco:dna_center",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010459"
          }
        ]
      },
      "cve": "CVE-2020-3466",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-3466",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-010459",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-181591",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2020-3466",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "psirt@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.6,
                "id": "CVE-2020-3466",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-010459",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-3466",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@cisco.com",
                "id": "CVE-2020-3466",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-010459",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202008-980",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-181591",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-181591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010459"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-980"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3466"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3466"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerabilities exist because the web-based management interface on an affected device does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco DNA Center The software contains a cross-site scripting vulnerability.Information may be obtained and tampered with",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-3466"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010459"
          },
          {
            "db": "VULHUB",
            "id": "VHN-181591"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-3466",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010459",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-980",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2860",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "48767",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-48222",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-181591",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-181591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010459"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-980"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3466"
          }
        ]
      },
      "id": "VAR-202008-0819",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-181591"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-07-24T23:35:56.413000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-dnac-mlt-xss-zUzbcdEV",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-mlt-xss-zUzbcdEV"
          },
          {
            "title": "Cisco DNA Center software Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126774"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010459"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-980"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-181591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010459"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3466"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dnac-mlt-xss-zuzbcdev"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3466"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3466"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/48767"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2860/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-181591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010459"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-980"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3466"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-181591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010459"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-980"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3466"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-181591"
          },
          {
            "date": "2021-01-19T01:57:24",
            "db": "JVNDB",
            "id": "JVNDB-2020-010459"
          },
          {
            "date": "2020-08-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202008-980"
          },
          {
            "date": "2020-08-26T17:15:13.757000",
            "db": "NVD",
            "id": "CVE-2020-3466"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-181591"
          },
          {
            "date": "2021-01-19T01:57:24",
            "db": "JVNDB",
            "id": "JVNDB-2020-010459"
          },
          {
            "date": "2021-01-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202008-980"
          },
          {
            "date": "2025-07-23T15:26:38.713000",
            "db": "NVD",
            "id": "CVE-2020-3466"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-980"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco DNA Center Cross-site scripting vulnerabilities in software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-010459"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-980"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-1029

    Vulnerability from variot - Updated: 2025-07-24 23:27

    A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit this vulnerability by authenticating as a user with an Observer role and executing commands on the affected device. A successful exploit could allow a user with the Observer role to execute commands to view diagnostic information of the devices that Cisco DNA Center manages. Cisco DNA Center There is a vulnerability related to improper permission settings.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco DNA Center is a network management and command center service of Cisco (Cisco)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1029",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "catalyst center",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.1.2.0"
          },
          {
            "model": "cisco dna center",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002619"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1303"
          }
        ]
      },
      "cve": "CVE-2021-1303",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-1303",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-374357",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-1303",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "psirt@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-1303",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-1303",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-1303",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@cisco.com",
                "id": "CVE-2021-1303",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-1303",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-1531",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-374357",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-1303",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374357"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1303"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002619"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1531"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1303"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1303"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit this vulnerability by authenticating as a user with an Observer role and executing commands on the affected device. A successful exploit could allow a user with the Observer role to execute commands to view diagnostic information of the devices that Cisco DNA Center manages. Cisco DNA Center There is a vulnerability related to improper permission settings.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco DNA Center is a network management and command center service of Cisco (Cisco)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-1303"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002619"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374357"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1303"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-1303",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002619",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0243",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1531",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-374357",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1303",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374357"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1303"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002619"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1531"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1303"
          }
        ]
      },
      "id": "VAR-202101-1029",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374357"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-07-24T23:27:14.488000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-dnac-privesc-6qjA3hVh",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-privesc-6qjA3hVh"
          },
          {
            "title": "Cisco DNA Center Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139794"
          },
          {
            "title": "Cisco: Cisco DNA Center Privilege Escalation Vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-dnac-privesc-6qjA3hVh"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-1303"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002619"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1531"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-266",
            "trust": 1.1
          },
          {
            "problemtype": "Inappropriate permission settings (CWE-266) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374357"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002619"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1303"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dnac-privesc-6qja3hvh"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1303"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0243/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/266.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195324"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374357"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1303"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002619"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1531"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1303"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-374357"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1303"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002619"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1531"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1303"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374357"
          },
          {
            "date": "2021-01-20T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-1303"
          },
          {
            "date": "2021-09-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002619"
          },
          {
            "date": "2021-01-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1531"
          },
          {
            "date": "2021-01-20T20:15:17.033000",
            "db": "NVD",
            "id": "CVE-2021-1303"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374357"
          },
          {
            "date": "2021-01-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-1303"
          },
          {
            "date": "2021-09-27T09:06:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002619"
          },
          {
            "date": "2021-02-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1531"
          },
          {
            "date": "2025-07-23T15:26:38.713000",
            "db": "NVD",
            "id": "CVE-2021-1303"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1531"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco\u00a0DNA\u00a0Center\u00a0 Inappropriate permission setting vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002619"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1531"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-1047

    Vulnerability from variot - Updated: 2025-07-24 23:20

    A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability by providing crafted input during command execution or via a crafted command runner API call. A successful exploit could allow the attacker to execute arbitrary CLI commands on devices managed by Cisco DNA Center. Cisco DNA Center is a network management and command center service of Cisco (Cisco)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1047",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "catalyst center",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.0"
          },
          {
            "model": "cisco dna center",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002604"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1264"
          }
        ]
      },
      "cve": "CVE-2021-1264",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-1264",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-374318",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-1264",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "psirt@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-1264",
                "impactScore": 5.8,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-1264",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-1264",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@cisco.com",
                "id": "CVE-2021-1264",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-1264",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-1554",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-374318",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-1264",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374318"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002604"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1554"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1264"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1264"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability by providing crafted input during command execution or via a crafted command runner API call. A successful exploit could allow the attacker to execute arbitrary CLI commands on devices managed by Cisco DNA Center. Cisco DNA Center is a network management and command center service of Cisco (Cisco)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-1264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002604"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374318"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1264"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-1264",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002604",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0243",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1554",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-374318",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1264",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374318"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002604"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1554"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1264"
          }
        ]
      },
      "id": "VAR-202101-1047",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374318"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-07-24T23:20:55.956000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-dnac-cmdinj-erumsWh9",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-cmdinj-erumsWh9"
          },
          {
            "title": "Cisco DNA Center Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139812"
          },
          {
            "title": "Cisco: Cisco DNA Center Command Runner Command Injection Vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-dnac-cmdinj-erumsWh9"
          },
          {
            "title": null,
            "trust": 0.1,
            "url": "https://threatpost.com/cisco-dna-center-bug-remote-attack/163302/"
          },
          {
            "title": null,
            "trust": 0.1,
            "url": "https://threatpost.com/critical-cisco-sd-wan-bugs-rce-attacks/163204/"
          },
          {
            "title": null,
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2021/01/22/cisco_critical_vulnerabilities/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-1264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002604"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1554"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.1
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374318"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002604"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1264"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dnac-cmdinj-erumswh9"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1264"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0243/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195300"
          },
          {
            "trust": 0.1,
            "url": "https://threatpost.com/cisco-dna-center-bug-remote-attack/163302/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374318"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002604"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1554"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1264"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-374318"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002604"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1554"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1264"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374318"
          },
          {
            "date": "2021-01-20T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-1264"
          },
          {
            "date": "2021-09-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002604"
          },
          {
            "date": "2021-01-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1554"
          },
          {
            "date": "2021-01-20T20:15:15.267000",
            "db": "NVD",
            "id": "CVE-2021-1264"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374318"
          },
          {
            "date": "2021-01-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-1264"
          },
          {
            "date": "2021-09-27T09:05:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002604"
          },
          {
            "date": "2021-02-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1554"
          },
          {
            "date": "2025-07-23T15:26:38.713000",
            "db": "NVD",
            "id": "CVE-2021-1264"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1554"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco\u00a0DNA\u00a0Center\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002604"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1554"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202106-0493

    Vulnerability from variot - Updated: 2025-07-24 22:08

    A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509 certificate used when establishing a connection between DNA Center and an ISE server. An attacker could exploit this vulnerability by supplying a crafted certificate and could then intercept communications between the ISE and DNA Center. A successful exploit could allow the attacker to view and alter sensitive information that the ISE maintains about clients that are connected to the network. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco DNA Center is a network management and command center service of Cisco (Cisco)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202106-0493",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "catalyst center",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.2.2.1"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-1134"
          }
        ]
      },
      "cve": "CVE-2021-1134",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-1134",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-374188",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2021-1134",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "psirt@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2021-1134",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-1134",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@cisco.com",
                "id": "CVE-2021-1134",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-975",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202106-1340",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-374188",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374188"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202106-1340"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1134"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1134"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509 certificate used when establishing a connection between DNA Center and an ISE server. An attacker could exploit this vulnerability by supplying a crafted certificate and could then intercept communications between the ISE and DNA Center. A successful exploit could allow the attacker to view and alter sensitive information that the ISE maintains about clients that are connected to the network. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco DNA Center is a network management and command center service of Cisco (Cisco)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-1134"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374188"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-1134",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202106-1340",
            "trust": 0.7
          },
          {
            "db": "CS-HELP",
            "id": "SB2021041363",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021061706",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2146",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-374188",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374188"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202106-1340"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1134"
          }
        ]
      },
      "id": "VAR-202106-0493",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374188"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-07-24T22:08:26.092000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Cisco DNA Center Repair measures for trust management problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155893"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202106-1340"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-295",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374188"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1134"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dnac-certvalid-usej2czk"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2146"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021061706"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374188"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202106-1340"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1134"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-374188"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202106-1340"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1134"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374188"
          },
          {
            "date": "2021-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-06-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202106-1340"
          },
          {
            "date": "2021-06-29T03:15:06.890000",
            "db": "NVD",
            "id": "CVE-2021-1134"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374188"
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-07-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202106-1340"
          },
          {
            "date": "2025-07-23T15:26:38.713000",
            "db": "NVD",
            "id": "CVE-2021-1134"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202106-1340"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Pillow Buffer error vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-1025

    Vulnerability from variot - Updated: 2025-07-24 21:02

    A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user's session, and executing Command Runner commands. Cisco DNA Center The software contains a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco DNA Center is a network management and command center service of Cisco (Cisco). Attackers can take advantage of this vulnerability to conduct arbitrary malicious operations

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1025",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "catalyst center",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.1.1.0"
          },
          {
            "model": "agent",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "5.7.6"
          },
          {
            "model": "cisco dna center",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002603"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1257"
          }
        ]
      },
      "cve": "CVE-2021-1257",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-1257",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-374311",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-1257",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "psirt@cisco.com",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-1257",
                "impactScore": 4.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-1257",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-1257",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@cisco.com",
                "id": "CVE-2021-1257",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-1257",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-1613",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-374311",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-1257",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374311"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1257"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002603"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1613"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1257"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1257"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user\u0027s session, and executing Command Runner commands. Cisco DNA Center The software contains a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco DNA Center is a network management and command center service of Cisco (Cisco). Attackers can take advantage of this vulnerability to conduct arbitrary malicious operations",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-1257"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002603"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374311"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1257"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-1257",
            "trust": 2.6
          },
          {
            "db": "MCAFEE",
            "id": "SB10382",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002603",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1613",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1645",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0243",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-374311",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1257",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374311"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1257"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002603"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1613"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1257"
          }
        ]
      },
      "id": "VAR-202101-1025",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374311"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-07-24T21:02:17.309000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-dnac-csrf-dC83cMcV",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-csrf-dC83cMcV"
          },
          {
            "title": "Cisco DNA Center Software Fixes for cross-site request forgery vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139866"
          },
          {
            "title": "Cisco: Cisco DNA Center Cross-Site Request Forgery Vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-dnac-csrf-dC83cMcV"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/cisco-dna-center-bug-remote-attack/163302/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-1257"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002603"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1613"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.1
          },
          {
            "problemtype": "Cross-site request forgery (CWE-352) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374311"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002603"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1257"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dnac-csrf-dc83cmcv"
          },
          {
            "trust": 1.6,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10382"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1257"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0243/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1645"
          },
          {
            "trust": 0.1,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10382"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195321"
          },
          {
            "trust": 0.1,
            "url": "https://threatpost.com/cisco-dna-center-bug-remote-attack/163302/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374311"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1257"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002603"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1613"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1257"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-374311"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1257"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002603"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1613"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1257"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374311"
          },
          {
            "date": "2021-01-20T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-1257"
          },
          {
            "date": "2021-09-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002603"
          },
          {
            "date": "2021-01-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1613"
          },
          {
            "date": "2021-01-20T20:15:14.207000",
            "db": "NVD",
            "id": "CVE-2021-1257"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374311"
          },
          {
            "date": "2021-01-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-1257"
          },
          {
            "date": "2021-09-27T09:05:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002603"
          },
          {
            "date": "2022-04-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1613"
          },
          {
            "date": "2025-07-23T15:26:38.713000",
            "db": "NVD",
            "id": "CVE-2021-1257"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1613"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco\u00a0DNA\u00a0Center\u00a0 Cross-site request forgery vulnerability in software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002603"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1613"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-1048

    Vulnerability from variot - Updated: 2025-07-24 20:05

    A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being stored in clear text, which can be retrieved by various API calls. An attacker could exploit this vulnerability by authenticating to the device and executing a series of API calls. A successful exploit could allow the attacker to retrieve the full unmasked running configurations of managed devices. Cisco DNA Center Contains a vulnerability in the plaintext storage of important information.Information may be obtained. Cisco DNA Center is a network management and command center service of Cisco (Cisco)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1048",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "catalyst center",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.1.1.0"
          },
          {
            "model": "cisco dna center",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002605"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1265"
          }
        ]
      },
      "cve": "CVE-2021-1265",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-1265",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-374319",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-1265",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "psirt@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-1265",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-1265",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-1265",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "psirt@cisco.com",
                "id": "CVE-2021-1265",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-1265",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-1553",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-374319",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-1265",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374319"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1265"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002605"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1553"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1265"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1265"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being stored in clear text, which can be retrieved by various API calls. An attacker could exploit this vulnerability by authenticating to the device and executing a series of API calls. A successful exploit could allow the attacker to retrieve the full unmasked running configurations of managed devices. Cisco DNA Center Contains a vulnerability in the plaintext storage of important information.Information may be obtained. Cisco DNA Center is a network management and command center service of Cisco (Cisco)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-1265"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002605"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374319"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1265"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-1265",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002605",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0243",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1553",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-374319",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1265",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374319"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1265"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002605"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1553"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1265"
          }
        ]
      },
      "id": "VAR-202101-1048",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374319"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-07-24T20:05:39.575000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-dnacid-OfeeRjcn",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnacid-OfeeRjcn"
          },
          {
            "title": "Cisco DNA Center Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139811"
          },
          {
            "title": "Cisco: Cisco DNA Center Information Disclosure Vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-dnacid-OfeeRjcn"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-1265"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002605"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1553"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-312",
            "trust": 1.1
          },
          {
            "problemtype": "Plaintext storage of important information (CWE-312) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374319"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002605"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1265"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dnacid-ofeerjcn"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1265"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0243/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/312.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374319"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1265"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002605"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1553"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1265"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-374319"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1265"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002605"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1553"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1265"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374319"
          },
          {
            "date": "2021-01-20T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-1265"
          },
          {
            "date": "2021-09-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002605"
          },
          {
            "date": "2021-01-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1553"
          },
          {
            "date": "2021-01-20T20:15:15.407000",
            "db": "NVD",
            "id": "CVE-2021-1265"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374319"
          },
          {
            "date": "2021-01-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-1265"
          },
          {
            "date": "2021-09-27T09:05:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002605"
          },
          {
            "date": "2021-02-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1553"
          },
          {
            "date": "2025-07-23T15:26:38.713000",
            "db": "NVD",
            "id": "CVE-2021-1265"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1553"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco\u00a0DNA\u00a0Center\u00a0 Vulnerability of important information in plaintext",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002605"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1553"
          }
        ],
        "trust": 0.6
      }
    }