← Back

CVE-2023-20223

nvd nist
Published: Sep 27, 2023Modified: Nov 21, 2024

JSON object

Loading...
8.2
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Exploitability: 3.9 / Impact: 4.2
Source: NVD

Description

A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device.

Affected (1)

Products: Cisco: Dna Center
Cisco
1 product
Dna Center
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Dna Center
Before 2.3.5.4

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.