Refine your search
10 vulnerabilities found for Cisco Digital Network Architecture Center (DNA Center) by Cisco
CVE-2025-20355 (GCVE-0-2025-20355)
Vulnerability from nvd
Published
2025-11-13 16:18
Modified
2025-11-13 16:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Summary
A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.
This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Digital Network Architecture Center (DNA Center) |
Version: 1.4.0.0 Version: 2.1.1.0 Version: 2.1.1.3 Version: 2.1.2.0 Version: 2.1.2.3 Version: 2.1.2.4 Version: 2.1.2.5 Version: 2.2.1.0 Version: 2.1.2.6 Version: 2.2.2.0 Version: 2.2.2.1 Version: 2.2.2.3 Version: 2.1.2.7 Version: 2.2.1.3 Version: 2.2.3.0 Version: 2.2.2.4 Version: 2.2.2.5 Version: 2.2.3.3 Version: 2.2.2.7 Version: 2.2.2.6 Version: 2.2.2.8 Version: 2.2.3.4 Version: 2.1.2.8 Version: 2.3.2.1 Version: 2.3.2.1-AIRGAP Version: 2.3.2.1-AIRGAP-CA Version: 2.2.3.5 Version: 2.3.3.0 Version: 2.3.3.3 Version: 2.3.3.1-AIRGAP Version: 2.3.3.1 Version: 2.3.2.3 Version: 2.3.3.3-AIRGAP Version: 2.2.3.6 Version: 2.2.2.9 Version: 2.3.3.0-AIRGAP Version: 2.3.3.3-AIRGAP-CA Version: 2.3.3.4 Version: 2.3.3.4-AIRGAP Version: 2.3.3.4-AIRGAP-MDNAC Version: 2.3.3.4-HF1 Version: 2.3.4.0 Version: 2.3.3.5 Version: 2.3.3.5-AIRGAP Version: 2.3.4.0-AIRGAP Version: 2.3.4.3 Version: 2.3.4.3-AIRGAP Version: 2.3.3.6 Version: 2.3.5.0 Version: 2.3.3.6-AIRGAP Version: 2.3.5.0-AIRGAP Version: 2.3.3.6-AIRGAP-MDNAC Version: 2.3.5.0-AIRGAP-MDNAC Version: 2.3.3.7 Version: 2.3.3.7-AIRGAP Version: 2.3.3.7-AIRGAP-MDNAC Version: 2.3.6.0 Version: 2.3.3.6-70045-HF1 Version: 2.3.3.7-72328-AIRGAP Version: 2.3.3.7-72323 Version: 2.3.3.7-72328-MDNAC Version: 2.3.5.3 Version: 2.3.5.3-AIRGAP-MDNAC Version: 2.3.5.3-AIRGAP Version: 2.3.6.0-AIRGAP Version: 2.3.7.0 Version: 2.3.7.0-AIRGAP Version: 2.3.7.0-AIRGAP-MDNAC Version: 2.3.7.0-VA Version: 2.3.5.4 Version: 2.3.5.4-AIRGAP Version: 2.3.5.4-AIRGAP-MDNAC Version: 2.3.7.3 Version: 2.3.7.3-AIRGAP Version: 2.3.7.3-AIRGAP-MDNAC Version: 2.3.5.5-AIRGAP Version: 2.3.5.5 Version: 2.3.5.5-AIRGAP-MDNAC Version: 2.3.7.4 Version: 2.3.7.4-AIRGAP Version: 2.3.7.4-AIRGAP-MDNAC Version: 2.3.7.5-AIRGAP Version: 2.3.7.5-VA Version: 2.3.5.6-AIRGAP Version: 2.3.5.6 Version: 2.3.5.6-AIRGAP-MDNAC Version: 1.0.0.0 Version: 2.3.7.6-AIRGAP Version: 2.3.7.6 Version: 2.3.7.6-VA Version: 2.3.5.5-70026-HF70 Version: 2.3.5.5-70026-HF51 Version: 2.3.5.6-70143-HF20 Version: 2.3.7.6-AIRGAP-MDNAC Version: 2.3.5.5-70026-HF52 Version: 2.3.5.5-70026-HF53 Version: 2.3.5.5-70026-HF71 Version: 2.3.7.7 Version: 2.3.7.7-VA Version: 2.3.7.7-AIRGAP Version: 2.3.7.7-AIRGAP-MDNAC Version: 2.3.5.5-70026-HF72 Version: 2.3.7.9-VA Version: 2.3.7.9 Version: 2.3.7.9-AIRGAP Version: 2.3.7.9-AIRGAP-MDNAC Version: 2.3.7.9-70301-GSMU10 Version: 2.3.7.9-75403-SMU10 Version: 2.3.7.9-75403-GSMU10 Version: 2.3.7.9.75403.10-VA |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T16:47:11.902334Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T16:51:21.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Digital Network Architecture Center (DNA Center)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.4.0.0"
},
{
"status": "affected",
"version": "2.1.1.0"
},
{
"status": "affected",
"version": "2.1.1.3"
},
{
"status": "affected",
"version": "2.1.2.0"
},
{
"status": "affected",
"version": "2.1.2.3"
},
{
"status": "affected",
"version": "2.1.2.4"
},
{
"status": "affected",
"version": "2.1.2.5"
},
{
"status": "affected",
"version": "2.2.1.0"
},
{
"status": "affected",
"version": "2.1.2.6"
},
{
"status": "affected",
"version": "2.2.2.0"
},
{
"status": "affected",
"version": "2.2.2.1"
},
{
"status": "affected",
"version": "2.2.2.3"
},
{
"status": "affected",
"version": "2.1.2.7"
},
{
"status": "affected",
"version": "2.2.1.3"
},
{
"status": "affected",
"version": "2.2.3.0"
},
{
"status": "affected",
"version": "2.2.2.4"
},
{
"status": "affected",
"version": "2.2.2.5"
},
{
"status": "affected",
"version": "2.2.3.3"
},
{
"status": "affected",
"version": "2.2.2.7"
},
{
"status": "affected",
"version": "2.2.2.6"
},
{
"status": "affected",
"version": "2.2.2.8"
},
{
"status": "affected",
"version": "2.2.3.4"
},
{
"status": "affected",
"version": "2.1.2.8"
},
{
"status": "affected",
"version": "2.3.2.1"
},
{
"status": "affected",
"version": "2.3.2.1-AIRGAP"
},
{
"status": "affected",
"version": "2.3.2.1-AIRGAP-CA"
},
{
"status": "affected",
"version": "2.2.3.5"
},
{
"status": "affected",
"version": "2.3.3.0"
},
{
"status": "affected",
"version": "2.3.3.3"
},
{
"status": "affected",
"version": "2.3.3.1-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.1"
},
{
"status": "affected",
"version": "2.3.2.3"
},
{
"status": "affected",
"version": "2.3.3.3-AIRGAP"
},
{
"status": "affected",
"version": "2.2.3.6"
},
{
"status": "affected",
"version": "2.2.2.9"
},
{
"status": "affected",
"version": "2.3.3.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.3-AIRGAP-CA"
},
{
"status": "affected",
"version": "2.3.3.4"
},
{
"status": "affected",
"version": "2.3.3.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.4-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.3.4-HF1"
},
{
"status": "affected",
"version": "2.3.4.0"
},
{
"status": "affected",
"version": "2.3.3.5"
},
{
"status": "affected",
"version": "2.3.3.5-AIRGAP"
},
{
"status": "affected",
"version": "2.3.4.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.4.3"
},
{
"status": "affected",
"version": "2.3.4.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.6"
},
{
"status": "affected",
"version": "2.3.5.0"
},
{
"status": "affected",
"version": "2.3.3.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.0-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.3.7"
},
{
"status": "affected",
"version": "2.3.3.7-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.7-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.6.0"
},
{
"status": "affected",
"version": "2.3.3.6-70045-HF1"
},
{
"status": "affected",
"version": "2.3.3.7-72328-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.7-72323"
},
{
"status": "affected",
"version": "2.3.3.7-72328-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.3"
},
{
"status": "affected",
"version": "2.3.5.3-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.6.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.0"
},
{
"status": "affected",
"version": "2.3.7.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.0-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.0-VA"
},
{
"status": "affected",
"version": "2.3.5.4"
},
{
"status": "affected",
"version": "2.3.5.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.4-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.3"
},
{
"status": "affected",
"version": "2.3.7.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.3-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.5-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.5"
},
{
"status": "affected",
"version": "2.3.5.5-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.4"
},
{
"status": "affected",
"version": "2.3.7.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.4-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.5-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.5-VA"
},
{
"status": "affected",
"version": "2.3.5.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.6"
},
{
"status": "affected",
"version": "2.3.5.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "1.0.0.0"
},
{
"status": "affected",
"version": "2.3.7.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.6"
},
{
"status": "affected",
"version": "2.3.7.6-VA"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF70"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF51"
},
{
"status": "affected",
"version": "2.3.5.6-70143-HF20"
},
{
"status": "affected",
"version": "2.3.7.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF52"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF53"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF71"
},
{
"status": "affected",
"version": "2.3.7.7"
},
{
"status": "affected",
"version": "2.3.7.7-VA"
},
{
"status": "affected",
"version": "2.3.7.7-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.7-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF72"
},
{
"status": "affected",
"version": "2.3.7.9-VA"
},
{
"status": "affected",
"version": "2.3.7.9"
},
{
"status": "affected",
"version": "2.3.7.9-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.9-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.9-70301-GSMU10"
},
{
"status": "affected",
"version": "2.3.7.9-75403-SMU10"
},
{
"status": "affected",
"version": "2.3.7.9-75403-GSMU10"
},
{
"status": "affected",
"version": "2.3.7.9.75403.10-VA"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.\r\n\r\nThis vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T16:27:42.125Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-catc-open-redirect-3W5Bk3Je",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-open-redirect-3W5Bk3Je"
}
],
"source": {
"advisory": "cisco-sa-catc-open-redirect-3W5Bk3Je",
"defects": [
"CSCwk40834"
],
"discovery": "INTERNAL"
},
"title": "Cisco Catalyst Center Software HTTP Open Redirect Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20355",
"datePublished": "2025-11-13T16:18:14.450Z",
"dateReserved": "2024-10-10T19:15:13.257Z",
"dateUpdated": "2025-11-13T16:51:21.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20353 (GCVE-0-2025-20353)
Vulnerability from nvd
Published
2025-11-13 16:18
Modified
2025-11-13 17:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
A vulnerability in the web-based management interface of Cisco Catalyst Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Digital Network Architecture Center (DNA Center) |
Version: 2.1.1.0 Version: 2.1.1.3 Version: 2.1.2.0 Version: 2.1.2.3 Version: 2.1.2.4 Version: 2.1.2.5 Version: 2.2.1.0 Version: 2.1.2.6 Version: 2.2.2.0 Version: 2.2.2.1 Version: 2.2.2.3 Version: 2.1.2.7 Version: 2.2.1.3 Version: 2.2.3.0 Version: 2.2.2.4 Version: 2.2.2.5 Version: 2.2.3.3 Version: 2.2.2.7 Version: 2.2.2.6 Version: 2.2.2.8 Version: 2.2.3.4 Version: 2.1.2.8 Version: 2.3.2.1 Version: 2.3.2.1-AIRGAP Version: 2.3.2.1-AIRGAP-CA Version: 2.2.3.5 Version: 2.3.3.0 Version: 2.3.3.3 Version: 2.3.3.1-AIRGAP Version: 2.3.3.1 Version: 2.3.2.3 Version: 2.3.3.3-AIRGAP Version: 2.2.3.6 Version: 2.2.2.9 Version: 2.3.3.0-AIRGAP Version: 2.3.3.3-AIRGAP-CA Version: 2.3.3.4 Version: 2.3.3.4-AIRGAP Version: 2.3.3.4-AIRGAP-MDNAC Version: 2.3.3.4-HF1 Version: 2.3.4.0 Version: 2.3.3.5 Version: 2.3.3.5-AIRGAP Version: 2.3.4.0-AIRGAP Version: 2.3.4.3 Version: 2.3.4.3-AIRGAP Version: 2.3.3.6 Version: 2.3.5.0 Version: 2.3.3.6-AIRGAP Version: 2.3.5.0-AIRGAP Version: 2.3.3.6-AIRGAP-MDNAC Version: 2.3.5.0-AIRGAP-MDNAC Version: 2.3.3.7 Version: 2.3.3.7-AIRGAP Version: 2.3.3.7-AIRGAP-MDNAC Version: 2.3.6.0 Version: 2.3.3.6-70045-HF1 Version: 2.3.3.7-72328-AIRGAP Version: 2.3.3.7-72323 Version: 2.3.3.7-72328-MDNAC Version: 2.3.5.3 Version: 2.3.5.3-AIRGAP-MDNAC Version: 2.3.5.3-AIRGAP Version: 2.3.6.0-AIRGAP Version: 2.3.7.0 Version: 2.3.7.0-AIRGAP Version: 2.3.7.0-AIRGAP-MDNAC Version: 2.3.5.4 Version: 2.3.5.4-AIRGAP Version: 2.3.5.4-AIRGAP-MDNAC Version: 2.3.7.3 Version: 2.3.7.3-AIRGAP Version: 2.3.7.3-AIRGAP-MDNAC Version: 2.3.5.5-AIRGAP Version: 2.3.5.5 Version: 2.3.5.5-AIRGAP-MDNAC Version: 2.3.7.4 Version: 2.3.7.4-AIRGAP Version: 2.3.7.4-AIRGAP-MDNAC Version: 2.3.7.5-AIRGAP Version: 2.3.5.6-AIRGAP Version: 2.3.5.6 Version: 2.3.5.6-AIRGAP-MDNAC Version: 2.3.7.6-AIRGAP Version: 2.3.7.6 Version: 2.3.5.5-70026-HF70 Version: 2.3.5.5-70026-HF51 Version: 2.3.5.6-70143-HF20 Version: 2.3.7.6-AIRGAP-MDNAC Version: 2.3.5.5-70026-HF52 Version: 2.3.5.5-70026-HF53 Version: 2.3.5.5-70026-HF71 Version: 2.3.7.7 Version: 2.3.7.7-AIRGAP Version: 2.3.7.7-AIRGAP-MDNAC Version: 2.3.5.5-70026-HF72 Version: 2.3.7.9 Version: 2.3.7.9-AIRGAP Version: 2.3.7.9-AIRGAP-MDNAC Version: 2.3.7.9-70301-GSMU10 Version: 2.3.7.9-70301-SMU1 Version: 2.3.7.9-75403-SMU10 Version: 2.3.7.9-75403-GSMU10 Version: 2.3.5.3-EULA |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T17:11:03.069694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T17:11:16.452Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Digital Network Architecture Center (DNA Center)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.1.1.0"
},
{
"status": "affected",
"version": "2.1.1.3"
},
{
"status": "affected",
"version": "2.1.2.0"
},
{
"status": "affected",
"version": "2.1.2.3"
},
{
"status": "affected",
"version": "2.1.2.4"
},
{
"status": "affected",
"version": "2.1.2.5"
},
{
"status": "affected",
"version": "2.2.1.0"
},
{
"status": "affected",
"version": "2.1.2.6"
},
{
"status": "affected",
"version": "2.2.2.0"
},
{
"status": "affected",
"version": "2.2.2.1"
},
{
"status": "affected",
"version": "2.2.2.3"
},
{
"status": "affected",
"version": "2.1.2.7"
},
{
"status": "affected",
"version": "2.2.1.3"
},
{
"status": "affected",
"version": "2.2.3.0"
},
{
"status": "affected",
"version": "2.2.2.4"
},
{
"status": "affected",
"version": "2.2.2.5"
},
{
"status": "affected",
"version": "2.2.3.3"
},
{
"status": "affected",
"version": "2.2.2.7"
},
{
"status": "affected",
"version": "2.2.2.6"
},
{
"status": "affected",
"version": "2.2.2.8"
},
{
"status": "affected",
"version": "2.2.3.4"
},
{
"status": "affected",
"version": "2.1.2.8"
},
{
"status": "affected",
"version": "2.3.2.1"
},
{
"status": "affected",
"version": "2.3.2.1-AIRGAP"
},
{
"status": "affected",
"version": "2.3.2.1-AIRGAP-CA"
},
{
"status": "affected",
"version": "2.2.3.5"
},
{
"status": "affected",
"version": "2.3.3.0"
},
{
"status": "affected",
"version": "2.3.3.3"
},
{
"status": "affected",
"version": "2.3.3.1-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.1"
},
{
"status": "affected",
"version": "2.3.2.3"
},
{
"status": "affected",
"version": "2.3.3.3-AIRGAP"
},
{
"status": "affected",
"version": "2.2.3.6"
},
{
"status": "affected",
"version": "2.2.2.9"
},
{
"status": "affected",
"version": "2.3.3.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.3-AIRGAP-CA"
},
{
"status": "affected",
"version": "2.3.3.4"
},
{
"status": "affected",
"version": "2.3.3.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.4-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.3.4-HF1"
},
{
"status": "affected",
"version": "2.3.4.0"
},
{
"status": "affected",
"version": "2.3.3.5"
},
{
"status": "affected",
"version": "2.3.3.5-AIRGAP"
},
{
"status": "affected",
"version": "2.3.4.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.4.3"
},
{
"status": "affected",
"version": "2.3.4.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.6"
},
{
"status": "affected",
"version": "2.3.5.0"
},
{
"status": "affected",
"version": "2.3.3.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.0-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.3.7"
},
{
"status": "affected",
"version": "2.3.3.7-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.7-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.6.0"
},
{
"status": "affected",
"version": "2.3.3.6-70045-HF1"
},
{
"status": "affected",
"version": "2.3.3.7-72328-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.7-72323"
},
{
"status": "affected",
"version": "2.3.3.7-72328-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.3"
},
{
"status": "affected",
"version": "2.3.5.3-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.6.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.0"
},
{
"status": "affected",
"version": "2.3.7.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.0-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.4"
},
{
"status": "affected",
"version": "2.3.5.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.4-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.3"
},
{
"status": "affected",
"version": "2.3.7.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.3-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.5-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.5"
},
{
"status": "affected",
"version": "2.3.5.5-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.4"
},
{
"status": "affected",
"version": "2.3.7.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.4-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.5-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.6"
},
{
"status": "affected",
"version": "2.3.5.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.6"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF70"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF51"
},
{
"status": "affected",
"version": "2.3.5.6-70143-HF20"
},
{
"status": "affected",
"version": "2.3.7.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF52"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF53"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF71"
},
{
"status": "affected",
"version": "2.3.7.7"
},
{
"status": "affected",
"version": "2.3.7.7-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.7-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF72"
},
{
"status": "affected",
"version": "2.3.7.9"
},
{
"status": "affected",
"version": "2.3.7.9-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.9-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.9-70301-GSMU10"
},
{
"status": "affected",
"version": "2.3.7.9-70301-SMU1"
},
{
"status": "affected",
"version": "2.3.7.9-75403-SMU10"
},
{
"status": "affected",
"version": "2.3.7.9-75403-GSMU10"
},
{
"status": "affected",
"version": "2.3.5.3-EULA"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Catalyst Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T16:27:42.137Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-dnac-xss-weXtVZ59",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-xss-weXtVZ59"
}
],
"source": {
"advisory": "cisco-sa-dnac-xss-weXtVZ59",
"defects": [
"CSCwn51440"
],
"discovery": "INTERNAL"
},
"title": "Cisco Catalyst Center Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20353",
"datePublished": "2025-11-13T16:18:12.708Z",
"dateReserved": "2024-10-10T19:15:13.257Z",
"dateUpdated": "2025-11-13T17:11:16.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20349 (GCVE-0-2025-20349)
Vulnerability from nvd
Published
2025-11-13 16:18
Modified
2025-11-14 04:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user.
This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to inject arbitrary commands that would then be executed in a restricted container with root privileges. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Digital Network Architecture Center (DNA Center) |
Version: 1.4.0.0 Version: 2.1.1.0 Version: 2.1.1.3 Version: 2.1.2.0 Version: 2.1.2.3 Version: 2.1.2.4 Version: 2.1.2.5 Version: 2.2.1.0 Version: 2.1.2.6 Version: 2.2.2.0 Version: 2.2.2.1 Version: 2.2.2.3 Version: 2.1.2.7 Version: 2.2.1.3 Version: 2.2.3.0 Version: 2.2.2.4 Version: 2.2.2.5 Version: 2.2.3.3 Version: 2.2.2.7 Version: 2.2.2.6 Version: 2.2.2.8 Version: 2.2.3.4 Version: 2.1.2.8 Version: 2.3.2.1 Version: 2.3.2.1-AIRGAP Version: 2.3.2.1-AIRGAP-CA Version: 2.2.3.5 Version: 2.3.3.0 Version: 2.3.3.3 Version: 2.3.3.1-AIRGAP Version: 2.3.3.1 Version: 2.3.2.3 Version: 2.3.3.3-AIRGAP Version: 2.2.3.6 Version: 2.2.2.9 Version: 2.3.3.0-AIRGAP Version: 2.3.3.3-AIRGAP-CA Version: 2.3.3.4 Version: 2.3.3.4-AIRGAP Version: 2.3.3.4-AIRGAP-MDNAC Version: 2.3.3.4-HF1 Version: 2.3.4.0 Version: 2.3.3.5 Version: 2.3.3.5-AIRGAP Version: 2.3.4.0-AIRGAP Version: 2.3.4.3 Version: 2.3.4.3-AIRGAP Version: 2.3.3.6 Version: 2.3.5.0 Version: 2.3.3.6-AIRGAP Version: 2.3.5.0-AIRGAP Version: 2.3.3.6-AIRGAP-MDNAC Version: 2.3.5.0-AIRGAP-MDNAC Version: 2.3.3.7 Version: 2.3.3.7-AIRGAP Version: 2.3.3.7-AIRGAP-MDNAC Version: 2.3.6.0 Version: 2.3.3.6-70045-HF1 Version: 2.3.3.7-72328-AIRGAP Version: 2.3.3.7-72323 Version: 2.3.3.7-72328-MDNAC Version: 2.3.5.3 Version: 2.3.5.3-AIRGAP-MDNAC Version: 2.3.5.3-AIRGAP Version: 2.3.6.0-AIRGAP Version: 2.3.7.0 Version: 2.3.7.0-AIRGAP Version: 2.3.7.0-AIRGAP-MDNAC Version: 2.3.7.0-VA Version: 2.3.5.4 Version: 2.3.5.4-AIRGAP Version: 2.3.5.4-AIRGAP-MDNAC Version: 2.3.7.3 Version: 2.3.7.3-AIRGAP Version: 2.3.7.3-AIRGAP-MDNAC Version: 2.3.5.5-AIRGAP Version: 2.3.5.5 Version: 2.3.5.5-AIRGAP-MDNAC Version: 2.3.7.4 Version: 2.3.7.4-AIRGAP Version: 2.3.7.4-AIRGAP-MDNAC Version: 2.3.7.5-AIRGAP Version: 2.3.7.5-VA Version: 2.3.5.6-AIRGAP Version: 2.3.5.6 Version: 2.3.5.6-AIRGAP-MDNAC Version: 1.0.0.0 Version: 2.3.7.6-AIRGAP Version: 2.3.7.6 Version: 2.3.7.6-VA Version: 2.3.5.5-70026-HF70 Version: 2.3.5.5-70026-HF51 Version: 2.3.5.6-70143-HF20 Version: 2.3.7.6-AIRGAP-MDNAC Version: 2.3.5.5-70026-HF52 Version: 2.3.5.5-70026-HF53 Version: 2.3.5.5-70026-HF71 Version: 2.3.7.7 Version: 2.3.7.7-VA Version: 2.3.7.7-AIRGAP Version: 2.3.7.7-AIRGAP-MDNAC Version: 2.3.5.5-70026-HF72 Version: 2.3.7.9-VA Version: 2.3.7.9 Version: 2.3.7.9-AIRGAP Version: 2.3.7.9-AIRGAP-MDNAC Version: 2.3.7.9-70301-SMU1 Version: 2.3.5.3-EULA Version: 0.0.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20349",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T04:55:36.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Digital Network Architecture Center (DNA Center)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.4.0.0"
},
{
"status": "affected",
"version": "2.1.1.0"
},
{
"status": "affected",
"version": "2.1.1.3"
},
{
"status": "affected",
"version": "2.1.2.0"
},
{
"status": "affected",
"version": "2.1.2.3"
},
{
"status": "affected",
"version": "2.1.2.4"
},
{
"status": "affected",
"version": "2.1.2.5"
},
{
"status": "affected",
"version": "2.2.1.0"
},
{
"status": "affected",
"version": "2.1.2.6"
},
{
"status": "affected",
"version": "2.2.2.0"
},
{
"status": "affected",
"version": "2.2.2.1"
},
{
"status": "affected",
"version": "2.2.2.3"
},
{
"status": "affected",
"version": "2.1.2.7"
},
{
"status": "affected",
"version": "2.2.1.3"
},
{
"status": "affected",
"version": "2.2.3.0"
},
{
"status": "affected",
"version": "2.2.2.4"
},
{
"status": "affected",
"version": "2.2.2.5"
},
{
"status": "affected",
"version": "2.2.3.3"
},
{
"status": "affected",
"version": "2.2.2.7"
},
{
"status": "affected",
"version": "2.2.2.6"
},
{
"status": "affected",
"version": "2.2.2.8"
},
{
"status": "affected",
"version": "2.2.3.4"
},
{
"status": "affected",
"version": "2.1.2.8"
},
{
"status": "affected",
"version": "2.3.2.1"
},
{
"status": "affected",
"version": "2.3.2.1-AIRGAP"
},
{
"status": "affected",
"version": "2.3.2.1-AIRGAP-CA"
},
{
"status": "affected",
"version": "2.2.3.5"
},
{
"status": "affected",
"version": "2.3.3.0"
},
{
"status": "affected",
"version": "2.3.3.3"
},
{
"status": "affected",
"version": "2.3.3.1-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.1"
},
{
"status": "affected",
"version": "2.3.2.3"
},
{
"status": "affected",
"version": "2.3.3.3-AIRGAP"
},
{
"status": "affected",
"version": "2.2.3.6"
},
{
"status": "affected",
"version": "2.2.2.9"
},
{
"status": "affected",
"version": "2.3.3.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.3-AIRGAP-CA"
},
{
"status": "affected",
"version": "2.3.3.4"
},
{
"status": "affected",
"version": "2.3.3.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.4-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.3.4-HF1"
},
{
"status": "affected",
"version": "2.3.4.0"
},
{
"status": "affected",
"version": "2.3.3.5"
},
{
"status": "affected",
"version": "2.3.3.5-AIRGAP"
},
{
"status": "affected",
"version": "2.3.4.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.4.3"
},
{
"status": "affected",
"version": "2.3.4.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.6"
},
{
"status": "affected",
"version": "2.3.5.0"
},
{
"status": "affected",
"version": "2.3.3.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.0-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.3.7"
},
{
"status": "affected",
"version": "2.3.3.7-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.7-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.6.0"
},
{
"status": "affected",
"version": "2.3.3.6-70045-HF1"
},
{
"status": "affected",
"version": "2.3.3.7-72328-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.7-72323"
},
{
"status": "affected",
"version": "2.3.3.7-72328-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.3"
},
{
"status": "affected",
"version": "2.3.5.3-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.6.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.0"
},
{
"status": "affected",
"version": "2.3.7.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.0-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.0-VA"
},
{
"status": "affected",
"version": "2.3.5.4"
},
{
"status": "affected",
"version": "2.3.5.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.4-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.3"
},
{
"status": "affected",
"version": "2.3.7.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.3-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.5-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.5"
},
{
"status": "affected",
"version": "2.3.5.5-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.4"
},
{
"status": "affected",
"version": "2.3.7.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.4-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.5-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.5-VA"
},
{
"status": "affected",
"version": "2.3.5.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.6"
},
{
"status": "affected",
"version": "2.3.5.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "1.0.0.0"
},
{
"status": "affected",
"version": "2.3.7.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.6"
},
{
"status": "affected",
"version": "2.3.7.6-VA"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF70"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF51"
},
{
"status": "affected",
"version": "2.3.5.6-70143-HF20"
},
{
"status": "affected",
"version": "2.3.7.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF52"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF53"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF71"
},
{
"status": "affected",
"version": "2.3.7.7"
},
{
"status": "affected",
"version": "2.3.7.7-VA"
},
{
"status": "affected",
"version": "2.3.7.7-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.7-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF72"
},
{
"status": "affected",
"version": "2.3.7.9-VA"
},
{
"status": "affected",
"version": "2.3.7.9"
},
{
"status": "affected",
"version": "2.3.7.9-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.9-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.9-70301-SMU1"
},
{
"status": "affected",
"version": "2.3.5.3-EULA"
},
{
"status": "affected",
"version": "0.0.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to inject arbitrary commands that would then be executed in a restricted container with root privileges. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T16:27:31.359Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-dnac-ci-ZWLQVSwT",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ci-ZWLQVSwT"
}
],
"source": {
"advisory": "cisco-sa-dnac-ci-ZWLQVSwT",
"defects": [
"CSCwo77762"
],
"discovery": "INTERNAL"
},
"title": "Cisco DNA Center API Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20349",
"datePublished": "2025-11-13T16:18:03.689Z",
"dateReserved": "2024-10-10T19:15:13.257Z",
"dateUpdated": "2025-11-14T04:55:36.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20346 (GCVE-0-2025-20346)
Vulnerability from nvd
Published
2025-11-13 16:27
Modified
2025-11-14 04:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials.
This vulnerability is due to improper role-based access control (RBAC). An attacker could exploit this vulnerability by logging in to an affected system and modifying certain policy configurations. A successful exploit could allow the attacker to modify policy configurations that are reserved for the Administrator role. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Digital Network Architecture Center (DNA Center) |
Version: 2.1.1.0 Version: 2.1.1.3 Version: 2.1.2.0 Version: 2.1.2.3 Version: 2.1.2.5 Version: 2.2.1.0 Version: 2.1.2.6 Version: 2.2.2.0 Version: 2.2.2.3 Version: 2.1.2.7 Version: 2.2.1.3 Version: 2.2.3.0 Version: 2.2.2.4 Version: 2.2.2.5 Version: 2.2.3.3 Version: 2.2.2.7 Version: 2.2.2.6 Version: 2.2.2.8 Version: 2.2.3.4 Version: 2.3.2.1 Version: 2.3.2.1-AIRGAP Version: 2.3.2.1-AIRGAP-CA Version: 2.2.3.5 Version: 2.3.3.3 Version: 2.3.3.1-AIRGAP Version: 2.3.3.1 Version: 2.3.2.3 Version: 2.3.3.3-AIRGAP Version: 2.2.2.9 Version: 2.3.3.0-AIRGAP Version: 2.3.3.4 Version: 2.3.3.4-AIRGAP Version: 2.3.3.4-AIRGAP-MDNAC Version: 2.3.3.5 Version: 2.3.3.5-AIRGAP Version: 2.3.4.0-AIRGAP Version: 2.3.4.3 Version: 2.3.4.3-AIRGAP Version: 2.3.3.6 Version: 2.3.3.6-AIRGAP Version: 2.3.3.6-AIRGAP-MDNAC Version: 2.3.5.0-AIRGAP-MDNAC Version: VA Launchpad 1.0.3 Version: VA Launchpad 1.0.4 Version: 2.3.3.7 Version: 2.3.3.7-AIRGAP Version: 2.3.3.7-AIRGAP-MDNAC Version: 2.3.6.0 Version: 2.3.3.6-70045-HF1 Version: VA Launchpad 1.2.1 Version: 2.3.3.7-72328-AIRGAP Version: 2.3.3.7-72323 Version: 2.3.3.7-72328-MDNAC Version: 2.3.5.3 Version: 2.3.5.3-AIRGAP-MDNAC Version: 2.3.5.3-AIRGAP Version: 2.3.6.0-AIRGAP Version: VA Launchpad 1.3.0 Version: VA Launchpad 1.5.0 Version: 2.3.7.0 Version: 2.3.7.0-AIRGAP Version: 2.3.7.0-AIRGAP-MDNAC Version: 2.3.7.0-VA Version: 2.3.5.4-AIRGAP Version: 2.3.5.4-AIRGAP-MDNAC Version: VA Launchpad 1.6.0 Version: 2.3.7.3 Version: 2.3.7.3-AIRGAP Version: 2.3.7.3-AIRGAP-MDNAC Version: VA Launchpad 1.7.0 Version: 2.3.5.5-AIRGAP Version: 2.3.5.5 Version: 2.3.5.5-AIRGAP-MDNAC Version: 2.3.7.4 Version: 2.3.7.4-AIRGAP Version: 2.3.7.5-AIRGAP Version: VA Launchpad 1.9.0 Version: 2.3.5.6-AIRGAP Version: 2.3.5.6-AIRGAP-MDNAC Version: 1.0.0.0 Version: Cisco CCGM 1.0.0.0 Version: 2.3.7.6-AIRGAP Version: 2.3.7.6 Version: 2.3.7.6-VA Version: 2.3.5.5-70026-HF70 Version: 2.3.5.5-70026-HF51 Version: 2.3.5.6-70143-HF20 Version: 2.3.7.6-AIRGAP-MDNAC Version: 2.3.5.5-70026-HF53 Version: 2.3.5.5-70026-HF71 Version: 2.3.7.7 Version: 2.3.7.7-VA Version: 2.3.7.7-AIRGAP Version: 2.3.7.7-AIRGAP-MDNAC Version: 2.3.7.9-VA Version: 2.3.7.9 Version: 2.3.7.9-AIRGAP Version: 2.3.7.9-AIRGAP-MDNAC Version: Cisco CCGM 1.1.1 Version: 2.3.7.9-70301-GSMU10 Version: 2.3.7.9-70301-SMU1 Version: 2.3.7.9-75403-SMU10 Version: 2.3.7.9-75403-GSMU10 Version: Cisco CCGM 1.2.1 Version: 2.3.5.3-EULA Version: 2.3.7.9.75403.10-VA Version: 0.0.0.0 Version: 1.16.54 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T04:55:38.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Digital Network Architecture Center (DNA Center)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.1.1.0"
},
{
"status": "affected",
"version": "2.1.1.3"
},
{
"status": "affected",
"version": "2.1.2.0"
},
{
"status": "affected",
"version": "2.1.2.3"
},
{
"status": "affected",
"version": "2.1.2.5"
},
{
"status": "affected",
"version": "2.2.1.0"
},
{
"status": "affected",
"version": "2.1.2.6"
},
{
"status": "affected",
"version": "2.2.2.0"
},
{
"status": "affected",
"version": "2.2.2.3"
},
{
"status": "affected",
"version": "2.1.2.7"
},
{
"status": "affected",
"version": "2.2.1.3"
},
{
"status": "affected",
"version": "2.2.3.0"
},
{
"status": "affected",
"version": "2.2.2.4"
},
{
"status": "affected",
"version": "2.2.2.5"
},
{
"status": "affected",
"version": "2.2.3.3"
},
{
"status": "affected",
"version": "2.2.2.7"
},
{
"status": "affected",
"version": "2.2.2.6"
},
{
"status": "affected",
"version": "2.2.2.8"
},
{
"status": "affected",
"version": "2.2.3.4"
},
{
"status": "affected",
"version": "2.3.2.1"
},
{
"status": "affected",
"version": "2.3.2.1-AIRGAP"
},
{
"status": "affected",
"version": "2.3.2.1-AIRGAP-CA"
},
{
"status": "affected",
"version": "2.2.3.5"
},
{
"status": "affected",
"version": "2.3.3.3"
},
{
"status": "affected",
"version": "2.3.3.1-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.1"
},
{
"status": "affected",
"version": "2.3.2.3"
},
{
"status": "affected",
"version": "2.3.3.3-AIRGAP"
},
{
"status": "affected",
"version": "2.2.2.9"
},
{
"status": "affected",
"version": "2.3.3.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.4"
},
{
"status": "affected",
"version": "2.3.3.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.4-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.3.5"
},
{
"status": "affected",
"version": "2.3.3.5-AIRGAP"
},
{
"status": "affected",
"version": "2.3.4.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.4.3"
},
{
"status": "affected",
"version": "2.3.4.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.6"
},
{
"status": "affected",
"version": "2.3.3.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.0-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "VA Launchpad 1.0.3"
},
{
"status": "affected",
"version": "VA Launchpad 1.0.4"
},
{
"status": "affected",
"version": "2.3.3.7"
},
{
"status": "affected",
"version": "2.3.3.7-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.7-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.6.0"
},
{
"status": "affected",
"version": "2.3.3.6-70045-HF1"
},
{
"status": "affected",
"version": "VA Launchpad 1.2.1"
},
{
"status": "affected",
"version": "2.3.3.7-72328-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.7-72323"
},
{
"status": "affected",
"version": "2.3.3.7-72328-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.3"
},
{
"status": "affected",
"version": "2.3.5.3-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.6.0-AIRGAP"
},
{
"status": "affected",
"version": "VA Launchpad 1.3.0"
},
{
"status": "affected",
"version": "VA Launchpad 1.5.0"
},
{
"status": "affected",
"version": "2.3.7.0"
},
{
"status": "affected",
"version": "2.3.7.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.0-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.0-VA"
},
{
"status": "affected",
"version": "2.3.5.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.4-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "VA Launchpad 1.6.0"
},
{
"status": "affected",
"version": "2.3.7.3"
},
{
"status": "affected",
"version": "2.3.7.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.3-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "VA Launchpad 1.7.0"
},
{
"status": "affected",
"version": "2.3.5.5-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.5"
},
{
"status": "affected",
"version": "2.3.5.5-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.4"
},
{
"status": "affected",
"version": "2.3.7.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.5-AIRGAP"
},
{
"status": "affected",
"version": "VA Launchpad 1.9.0"
},
{
"status": "affected",
"version": "2.3.5.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "1.0.0.0"
},
{
"status": "affected",
"version": "Cisco CCGM 1.0.0.0"
},
{
"status": "affected",
"version": "2.3.7.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.6"
},
{
"status": "affected",
"version": "2.3.7.6-VA"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF70"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF51"
},
{
"status": "affected",
"version": "2.3.5.6-70143-HF20"
},
{
"status": "affected",
"version": "2.3.7.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF53"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF71"
},
{
"status": "affected",
"version": "2.3.7.7"
},
{
"status": "affected",
"version": "2.3.7.7-VA"
},
{
"status": "affected",
"version": "2.3.7.7-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.7-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.9-VA"
},
{
"status": "affected",
"version": "2.3.7.9"
},
{
"status": "affected",
"version": "2.3.7.9-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.9-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "Cisco CCGM 1.1.1"
},
{
"status": "affected",
"version": "2.3.7.9-70301-GSMU10"
},
{
"status": "affected",
"version": "2.3.7.9-70301-SMU1"
},
{
"status": "affected",
"version": "2.3.7.9-75403-SMU10"
},
{
"status": "affected",
"version": "2.3.7.9-75403-GSMU10"
},
{
"status": "affected",
"version": "Cisco CCGM 1.2.1"
},
{
"status": "affected",
"version": "2.3.5.3-EULA"
},
{
"status": "affected",
"version": "2.3.7.9.75403.10-VA"
},
{
"status": "affected",
"version": "0.0.0.0"
},
{
"status": "affected",
"version": "1.16.54"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials.\r\n\r\nThis vulnerability is due to improper role-based access control (RBAC). An attacker could exploit this vulnerability by logging in to an affected system and modifying certain policy configurations. A successful exploit could allow the attacker to modify policy configurations that are reserved for the Administrator role. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "Improper Privilege Management",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T16:27:30.871Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-privesc-catc-rYjReeLU",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-privesc-catc-rYjReeLU"
}
],
"source": {
"advisory": "cisco-sa-privesc-catc-rYjReeLU",
"defects": [
"CSCwo05088"
],
"discovery": "INTERNAL"
},
"title": "Cisco Catalyst Center Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20346",
"datePublished": "2025-11-13T16:27:30.871Z",
"dateReserved": "2024-10-10T19:15:13.256Z",
"dateUpdated": "2025-11-14T04:55:38.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20341 (GCVE-0-2025-20341)
Vulnerability from nvd
Published
2025-11-13 16:18
Modified
2025-11-14 04:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to perform unauthorized modifications to the system, including creating new user accounts or elevating their own privileges on an affected system. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Digital Network Architecture Center (DNA Center) |
Version: 2.3.7.5-VA Version: 2.3.7.6-VA Version: 2.3.7.7-VA Version: 2.3.7.9-VA Version: 2.3.7.9.75403.10-VA |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T04:55:35.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Digital Network Architecture Center (DNA Center)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.3.7.5-VA"
},
{
"status": "affected",
"version": "2.3.7.6-VA"
},
{
"status": "affected",
"version": "2.3.7.7-VA"
},
{
"status": "affected",
"version": "2.3.7.9-VA"
},
{
"status": "affected",
"version": "2.3.7.9.75403.10-VA"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to perform unauthorized modifications to the system, including creating new user accounts or elevating their own privileges on an affected system. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T16:27:30.810Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-catc-priv-esc-VS8EeCuX",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-priv-esc-VS8EeCuX"
}
],
"source": {
"advisory": "cisco-sa-catc-priv-esc-VS8EeCuX",
"defects": [
"CSCwo97875"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Catalyst Center Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20341",
"datePublished": "2025-11-13T16:18:03.687Z",
"dateReserved": "2024-10-10T19:15:13.255Z",
"dateUpdated": "2025-11-14T04:55:35.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20346 (GCVE-0-2025-20346)
Vulnerability from cvelistv5
Published
2025-11-13 16:27
Modified
2025-11-14 04:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials.
This vulnerability is due to improper role-based access control (RBAC). An attacker could exploit this vulnerability by logging in to an affected system and modifying certain policy configurations. A successful exploit could allow the attacker to modify policy configurations that are reserved for the Administrator role. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Digital Network Architecture Center (DNA Center) |
Version: 2.1.1.0 Version: 2.1.1.3 Version: 2.1.2.0 Version: 2.1.2.3 Version: 2.1.2.5 Version: 2.2.1.0 Version: 2.1.2.6 Version: 2.2.2.0 Version: 2.2.2.3 Version: 2.1.2.7 Version: 2.2.1.3 Version: 2.2.3.0 Version: 2.2.2.4 Version: 2.2.2.5 Version: 2.2.3.3 Version: 2.2.2.7 Version: 2.2.2.6 Version: 2.2.2.8 Version: 2.2.3.4 Version: 2.3.2.1 Version: 2.3.2.1-AIRGAP Version: 2.3.2.1-AIRGAP-CA Version: 2.2.3.5 Version: 2.3.3.3 Version: 2.3.3.1-AIRGAP Version: 2.3.3.1 Version: 2.3.2.3 Version: 2.3.3.3-AIRGAP Version: 2.2.2.9 Version: 2.3.3.0-AIRGAP Version: 2.3.3.4 Version: 2.3.3.4-AIRGAP Version: 2.3.3.4-AIRGAP-MDNAC Version: 2.3.3.5 Version: 2.3.3.5-AIRGAP Version: 2.3.4.0-AIRGAP Version: 2.3.4.3 Version: 2.3.4.3-AIRGAP Version: 2.3.3.6 Version: 2.3.3.6-AIRGAP Version: 2.3.3.6-AIRGAP-MDNAC Version: 2.3.5.0-AIRGAP-MDNAC Version: VA Launchpad 1.0.3 Version: VA Launchpad 1.0.4 Version: 2.3.3.7 Version: 2.3.3.7-AIRGAP Version: 2.3.3.7-AIRGAP-MDNAC Version: 2.3.6.0 Version: 2.3.3.6-70045-HF1 Version: VA Launchpad 1.2.1 Version: 2.3.3.7-72328-AIRGAP Version: 2.3.3.7-72323 Version: 2.3.3.7-72328-MDNAC Version: 2.3.5.3 Version: 2.3.5.3-AIRGAP-MDNAC Version: 2.3.5.3-AIRGAP Version: 2.3.6.0-AIRGAP Version: VA Launchpad 1.3.0 Version: VA Launchpad 1.5.0 Version: 2.3.7.0 Version: 2.3.7.0-AIRGAP Version: 2.3.7.0-AIRGAP-MDNAC Version: 2.3.7.0-VA Version: 2.3.5.4-AIRGAP Version: 2.3.5.4-AIRGAP-MDNAC Version: VA Launchpad 1.6.0 Version: 2.3.7.3 Version: 2.3.7.3-AIRGAP Version: 2.3.7.3-AIRGAP-MDNAC Version: VA Launchpad 1.7.0 Version: 2.3.5.5-AIRGAP Version: 2.3.5.5 Version: 2.3.5.5-AIRGAP-MDNAC Version: 2.3.7.4 Version: 2.3.7.4-AIRGAP Version: 2.3.7.5-AIRGAP Version: VA Launchpad 1.9.0 Version: 2.3.5.6-AIRGAP Version: 2.3.5.6-AIRGAP-MDNAC Version: 1.0.0.0 Version: Cisco CCGM 1.0.0.0 Version: 2.3.7.6-AIRGAP Version: 2.3.7.6 Version: 2.3.7.6-VA Version: 2.3.5.5-70026-HF70 Version: 2.3.5.5-70026-HF51 Version: 2.3.5.6-70143-HF20 Version: 2.3.7.6-AIRGAP-MDNAC Version: 2.3.5.5-70026-HF53 Version: 2.3.5.5-70026-HF71 Version: 2.3.7.7 Version: 2.3.7.7-VA Version: 2.3.7.7-AIRGAP Version: 2.3.7.7-AIRGAP-MDNAC Version: 2.3.7.9-VA Version: 2.3.7.9 Version: 2.3.7.9-AIRGAP Version: 2.3.7.9-AIRGAP-MDNAC Version: Cisco CCGM 1.1.1 Version: 2.3.7.9-70301-GSMU10 Version: 2.3.7.9-70301-SMU1 Version: 2.3.7.9-75403-SMU10 Version: 2.3.7.9-75403-GSMU10 Version: Cisco CCGM 1.2.1 Version: 2.3.5.3-EULA Version: 2.3.7.9.75403.10-VA Version: 0.0.0.0 Version: 1.16.54 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T04:55:38.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Digital Network Architecture Center (DNA Center)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.1.1.0"
},
{
"status": "affected",
"version": "2.1.1.3"
},
{
"status": "affected",
"version": "2.1.2.0"
},
{
"status": "affected",
"version": "2.1.2.3"
},
{
"status": "affected",
"version": "2.1.2.5"
},
{
"status": "affected",
"version": "2.2.1.0"
},
{
"status": "affected",
"version": "2.1.2.6"
},
{
"status": "affected",
"version": "2.2.2.0"
},
{
"status": "affected",
"version": "2.2.2.3"
},
{
"status": "affected",
"version": "2.1.2.7"
},
{
"status": "affected",
"version": "2.2.1.3"
},
{
"status": "affected",
"version": "2.2.3.0"
},
{
"status": "affected",
"version": "2.2.2.4"
},
{
"status": "affected",
"version": "2.2.2.5"
},
{
"status": "affected",
"version": "2.2.3.3"
},
{
"status": "affected",
"version": "2.2.2.7"
},
{
"status": "affected",
"version": "2.2.2.6"
},
{
"status": "affected",
"version": "2.2.2.8"
},
{
"status": "affected",
"version": "2.2.3.4"
},
{
"status": "affected",
"version": "2.3.2.1"
},
{
"status": "affected",
"version": "2.3.2.1-AIRGAP"
},
{
"status": "affected",
"version": "2.3.2.1-AIRGAP-CA"
},
{
"status": "affected",
"version": "2.2.3.5"
},
{
"status": "affected",
"version": "2.3.3.3"
},
{
"status": "affected",
"version": "2.3.3.1-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.1"
},
{
"status": "affected",
"version": "2.3.2.3"
},
{
"status": "affected",
"version": "2.3.3.3-AIRGAP"
},
{
"status": "affected",
"version": "2.2.2.9"
},
{
"status": "affected",
"version": "2.3.3.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.4"
},
{
"status": "affected",
"version": "2.3.3.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.4-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.3.5"
},
{
"status": "affected",
"version": "2.3.3.5-AIRGAP"
},
{
"status": "affected",
"version": "2.3.4.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.4.3"
},
{
"status": "affected",
"version": "2.3.4.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.6"
},
{
"status": "affected",
"version": "2.3.3.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.0-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "VA Launchpad 1.0.3"
},
{
"status": "affected",
"version": "VA Launchpad 1.0.4"
},
{
"status": "affected",
"version": "2.3.3.7"
},
{
"status": "affected",
"version": "2.3.3.7-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.7-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.6.0"
},
{
"status": "affected",
"version": "2.3.3.6-70045-HF1"
},
{
"status": "affected",
"version": "VA Launchpad 1.2.1"
},
{
"status": "affected",
"version": "2.3.3.7-72328-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.7-72323"
},
{
"status": "affected",
"version": "2.3.3.7-72328-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.3"
},
{
"status": "affected",
"version": "2.3.5.3-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.6.0-AIRGAP"
},
{
"status": "affected",
"version": "VA Launchpad 1.3.0"
},
{
"status": "affected",
"version": "VA Launchpad 1.5.0"
},
{
"status": "affected",
"version": "2.3.7.0"
},
{
"status": "affected",
"version": "2.3.7.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.0-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.0-VA"
},
{
"status": "affected",
"version": "2.3.5.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.4-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "VA Launchpad 1.6.0"
},
{
"status": "affected",
"version": "2.3.7.3"
},
{
"status": "affected",
"version": "2.3.7.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.3-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "VA Launchpad 1.7.0"
},
{
"status": "affected",
"version": "2.3.5.5-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.5"
},
{
"status": "affected",
"version": "2.3.5.5-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.4"
},
{
"status": "affected",
"version": "2.3.7.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.5-AIRGAP"
},
{
"status": "affected",
"version": "VA Launchpad 1.9.0"
},
{
"status": "affected",
"version": "2.3.5.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "1.0.0.0"
},
{
"status": "affected",
"version": "Cisco CCGM 1.0.0.0"
},
{
"status": "affected",
"version": "2.3.7.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.6"
},
{
"status": "affected",
"version": "2.3.7.6-VA"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF70"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF51"
},
{
"status": "affected",
"version": "2.3.5.6-70143-HF20"
},
{
"status": "affected",
"version": "2.3.7.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF53"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF71"
},
{
"status": "affected",
"version": "2.3.7.7"
},
{
"status": "affected",
"version": "2.3.7.7-VA"
},
{
"status": "affected",
"version": "2.3.7.7-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.7-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.9-VA"
},
{
"status": "affected",
"version": "2.3.7.9"
},
{
"status": "affected",
"version": "2.3.7.9-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.9-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "Cisco CCGM 1.1.1"
},
{
"status": "affected",
"version": "2.3.7.9-70301-GSMU10"
},
{
"status": "affected",
"version": "2.3.7.9-70301-SMU1"
},
{
"status": "affected",
"version": "2.3.7.9-75403-SMU10"
},
{
"status": "affected",
"version": "2.3.7.9-75403-GSMU10"
},
{
"status": "affected",
"version": "Cisco CCGM 1.2.1"
},
{
"status": "affected",
"version": "2.3.5.3-EULA"
},
{
"status": "affected",
"version": "2.3.7.9.75403.10-VA"
},
{
"status": "affected",
"version": "0.0.0.0"
},
{
"status": "affected",
"version": "1.16.54"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials.\r\n\r\nThis vulnerability is due to improper role-based access control (RBAC). An attacker could exploit this vulnerability by logging in to an affected system and modifying certain policy configurations. A successful exploit could allow the attacker to modify policy configurations that are reserved for the Administrator role. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "Improper Privilege Management",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T16:27:30.871Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-privesc-catc-rYjReeLU",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-privesc-catc-rYjReeLU"
}
],
"source": {
"advisory": "cisco-sa-privesc-catc-rYjReeLU",
"defects": [
"CSCwo05088"
],
"discovery": "INTERNAL"
},
"title": "Cisco Catalyst Center Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20346",
"datePublished": "2025-11-13T16:27:30.871Z",
"dateReserved": "2024-10-10T19:15:13.256Z",
"dateUpdated": "2025-11-14T04:55:38.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20355 (GCVE-0-2025-20355)
Vulnerability from cvelistv5
Published
2025-11-13 16:18
Modified
2025-11-13 16:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Summary
A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.
This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Digital Network Architecture Center (DNA Center) |
Version: 1.4.0.0 Version: 2.1.1.0 Version: 2.1.1.3 Version: 2.1.2.0 Version: 2.1.2.3 Version: 2.1.2.4 Version: 2.1.2.5 Version: 2.2.1.0 Version: 2.1.2.6 Version: 2.2.2.0 Version: 2.2.2.1 Version: 2.2.2.3 Version: 2.1.2.7 Version: 2.2.1.3 Version: 2.2.3.0 Version: 2.2.2.4 Version: 2.2.2.5 Version: 2.2.3.3 Version: 2.2.2.7 Version: 2.2.2.6 Version: 2.2.2.8 Version: 2.2.3.4 Version: 2.1.2.8 Version: 2.3.2.1 Version: 2.3.2.1-AIRGAP Version: 2.3.2.1-AIRGAP-CA Version: 2.2.3.5 Version: 2.3.3.0 Version: 2.3.3.3 Version: 2.3.3.1-AIRGAP Version: 2.3.3.1 Version: 2.3.2.3 Version: 2.3.3.3-AIRGAP Version: 2.2.3.6 Version: 2.2.2.9 Version: 2.3.3.0-AIRGAP Version: 2.3.3.3-AIRGAP-CA Version: 2.3.3.4 Version: 2.3.3.4-AIRGAP Version: 2.3.3.4-AIRGAP-MDNAC Version: 2.3.3.4-HF1 Version: 2.3.4.0 Version: 2.3.3.5 Version: 2.3.3.5-AIRGAP Version: 2.3.4.0-AIRGAP Version: 2.3.4.3 Version: 2.3.4.3-AIRGAP Version: 2.3.3.6 Version: 2.3.5.0 Version: 2.3.3.6-AIRGAP Version: 2.3.5.0-AIRGAP Version: 2.3.3.6-AIRGAP-MDNAC Version: 2.3.5.0-AIRGAP-MDNAC Version: 2.3.3.7 Version: 2.3.3.7-AIRGAP Version: 2.3.3.7-AIRGAP-MDNAC Version: 2.3.6.0 Version: 2.3.3.6-70045-HF1 Version: 2.3.3.7-72328-AIRGAP Version: 2.3.3.7-72323 Version: 2.3.3.7-72328-MDNAC Version: 2.3.5.3 Version: 2.3.5.3-AIRGAP-MDNAC Version: 2.3.5.3-AIRGAP Version: 2.3.6.0-AIRGAP Version: 2.3.7.0 Version: 2.3.7.0-AIRGAP Version: 2.3.7.0-AIRGAP-MDNAC Version: 2.3.7.0-VA Version: 2.3.5.4 Version: 2.3.5.4-AIRGAP Version: 2.3.5.4-AIRGAP-MDNAC Version: 2.3.7.3 Version: 2.3.7.3-AIRGAP Version: 2.3.7.3-AIRGAP-MDNAC Version: 2.3.5.5-AIRGAP Version: 2.3.5.5 Version: 2.3.5.5-AIRGAP-MDNAC Version: 2.3.7.4 Version: 2.3.7.4-AIRGAP Version: 2.3.7.4-AIRGAP-MDNAC Version: 2.3.7.5-AIRGAP Version: 2.3.7.5-VA Version: 2.3.5.6-AIRGAP Version: 2.3.5.6 Version: 2.3.5.6-AIRGAP-MDNAC Version: 1.0.0.0 Version: 2.3.7.6-AIRGAP Version: 2.3.7.6 Version: 2.3.7.6-VA Version: 2.3.5.5-70026-HF70 Version: 2.3.5.5-70026-HF51 Version: 2.3.5.6-70143-HF20 Version: 2.3.7.6-AIRGAP-MDNAC Version: 2.3.5.5-70026-HF52 Version: 2.3.5.5-70026-HF53 Version: 2.3.5.5-70026-HF71 Version: 2.3.7.7 Version: 2.3.7.7-VA Version: 2.3.7.7-AIRGAP Version: 2.3.7.7-AIRGAP-MDNAC Version: 2.3.5.5-70026-HF72 Version: 2.3.7.9-VA Version: 2.3.7.9 Version: 2.3.7.9-AIRGAP Version: 2.3.7.9-AIRGAP-MDNAC Version: 2.3.7.9-70301-GSMU10 Version: 2.3.7.9-75403-SMU10 Version: 2.3.7.9-75403-GSMU10 Version: 2.3.7.9.75403.10-VA |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T16:47:11.902334Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T16:51:21.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Digital Network Architecture Center (DNA Center)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.4.0.0"
},
{
"status": "affected",
"version": "2.1.1.0"
},
{
"status": "affected",
"version": "2.1.1.3"
},
{
"status": "affected",
"version": "2.1.2.0"
},
{
"status": "affected",
"version": "2.1.2.3"
},
{
"status": "affected",
"version": "2.1.2.4"
},
{
"status": "affected",
"version": "2.1.2.5"
},
{
"status": "affected",
"version": "2.2.1.0"
},
{
"status": "affected",
"version": "2.1.2.6"
},
{
"status": "affected",
"version": "2.2.2.0"
},
{
"status": "affected",
"version": "2.2.2.1"
},
{
"status": "affected",
"version": "2.2.2.3"
},
{
"status": "affected",
"version": "2.1.2.7"
},
{
"status": "affected",
"version": "2.2.1.3"
},
{
"status": "affected",
"version": "2.2.3.0"
},
{
"status": "affected",
"version": "2.2.2.4"
},
{
"status": "affected",
"version": "2.2.2.5"
},
{
"status": "affected",
"version": "2.2.3.3"
},
{
"status": "affected",
"version": "2.2.2.7"
},
{
"status": "affected",
"version": "2.2.2.6"
},
{
"status": "affected",
"version": "2.2.2.8"
},
{
"status": "affected",
"version": "2.2.3.4"
},
{
"status": "affected",
"version": "2.1.2.8"
},
{
"status": "affected",
"version": "2.3.2.1"
},
{
"status": "affected",
"version": "2.3.2.1-AIRGAP"
},
{
"status": "affected",
"version": "2.3.2.1-AIRGAP-CA"
},
{
"status": "affected",
"version": "2.2.3.5"
},
{
"status": "affected",
"version": "2.3.3.0"
},
{
"status": "affected",
"version": "2.3.3.3"
},
{
"status": "affected",
"version": "2.3.3.1-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.1"
},
{
"status": "affected",
"version": "2.3.2.3"
},
{
"status": "affected",
"version": "2.3.3.3-AIRGAP"
},
{
"status": "affected",
"version": "2.2.3.6"
},
{
"status": "affected",
"version": "2.2.2.9"
},
{
"status": "affected",
"version": "2.3.3.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.3-AIRGAP-CA"
},
{
"status": "affected",
"version": "2.3.3.4"
},
{
"status": "affected",
"version": "2.3.3.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.4-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.3.4-HF1"
},
{
"status": "affected",
"version": "2.3.4.0"
},
{
"status": "affected",
"version": "2.3.3.5"
},
{
"status": "affected",
"version": "2.3.3.5-AIRGAP"
},
{
"status": "affected",
"version": "2.3.4.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.4.3"
},
{
"status": "affected",
"version": "2.3.4.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.6"
},
{
"status": "affected",
"version": "2.3.5.0"
},
{
"status": "affected",
"version": "2.3.3.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.0-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.3.7"
},
{
"status": "affected",
"version": "2.3.3.7-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.7-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.6.0"
},
{
"status": "affected",
"version": "2.3.3.6-70045-HF1"
},
{
"status": "affected",
"version": "2.3.3.7-72328-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.7-72323"
},
{
"status": "affected",
"version": "2.3.3.7-72328-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.3"
},
{
"status": "affected",
"version": "2.3.5.3-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.6.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.0"
},
{
"status": "affected",
"version": "2.3.7.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.0-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.0-VA"
},
{
"status": "affected",
"version": "2.3.5.4"
},
{
"status": "affected",
"version": "2.3.5.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.4-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.3"
},
{
"status": "affected",
"version": "2.3.7.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.3-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.5-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.5"
},
{
"status": "affected",
"version": "2.3.5.5-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.4"
},
{
"status": "affected",
"version": "2.3.7.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.4-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.5-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.5-VA"
},
{
"status": "affected",
"version": "2.3.5.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.6"
},
{
"status": "affected",
"version": "2.3.5.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "1.0.0.0"
},
{
"status": "affected",
"version": "2.3.7.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.6"
},
{
"status": "affected",
"version": "2.3.7.6-VA"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF70"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF51"
},
{
"status": "affected",
"version": "2.3.5.6-70143-HF20"
},
{
"status": "affected",
"version": "2.3.7.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF52"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF53"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF71"
},
{
"status": "affected",
"version": "2.3.7.7"
},
{
"status": "affected",
"version": "2.3.7.7-VA"
},
{
"status": "affected",
"version": "2.3.7.7-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.7-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF72"
},
{
"status": "affected",
"version": "2.3.7.9-VA"
},
{
"status": "affected",
"version": "2.3.7.9"
},
{
"status": "affected",
"version": "2.3.7.9-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.9-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.9-70301-GSMU10"
},
{
"status": "affected",
"version": "2.3.7.9-75403-SMU10"
},
{
"status": "affected",
"version": "2.3.7.9-75403-GSMU10"
},
{
"status": "affected",
"version": "2.3.7.9.75403.10-VA"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.\r\n\r\nThis vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T16:27:42.125Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-catc-open-redirect-3W5Bk3Je",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-open-redirect-3W5Bk3Je"
}
],
"source": {
"advisory": "cisco-sa-catc-open-redirect-3W5Bk3Je",
"defects": [
"CSCwk40834"
],
"discovery": "INTERNAL"
},
"title": "Cisco Catalyst Center Software HTTP Open Redirect Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20355",
"datePublished": "2025-11-13T16:18:14.450Z",
"dateReserved": "2024-10-10T19:15:13.257Z",
"dateUpdated": "2025-11-13T16:51:21.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20353 (GCVE-0-2025-20353)
Vulnerability from cvelistv5
Published
2025-11-13 16:18
Modified
2025-11-13 17:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
A vulnerability in the web-based management interface of Cisco Catalyst Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Digital Network Architecture Center (DNA Center) |
Version: 2.1.1.0 Version: 2.1.1.3 Version: 2.1.2.0 Version: 2.1.2.3 Version: 2.1.2.4 Version: 2.1.2.5 Version: 2.2.1.0 Version: 2.1.2.6 Version: 2.2.2.0 Version: 2.2.2.1 Version: 2.2.2.3 Version: 2.1.2.7 Version: 2.2.1.3 Version: 2.2.3.0 Version: 2.2.2.4 Version: 2.2.2.5 Version: 2.2.3.3 Version: 2.2.2.7 Version: 2.2.2.6 Version: 2.2.2.8 Version: 2.2.3.4 Version: 2.1.2.8 Version: 2.3.2.1 Version: 2.3.2.1-AIRGAP Version: 2.3.2.1-AIRGAP-CA Version: 2.2.3.5 Version: 2.3.3.0 Version: 2.3.3.3 Version: 2.3.3.1-AIRGAP Version: 2.3.3.1 Version: 2.3.2.3 Version: 2.3.3.3-AIRGAP Version: 2.2.3.6 Version: 2.2.2.9 Version: 2.3.3.0-AIRGAP Version: 2.3.3.3-AIRGAP-CA Version: 2.3.3.4 Version: 2.3.3.4-AIRGAP Version: 2.3.3.4-AIRGAP-MDNAC Version: 2.3.3.4-HF1 Version: 2.3.4.0 Version: 2.3.3.5 Version: 2.3.3.5-AIRGAP Version: 2.3.4.0-AIRGAP Version: 2.3.4.3 Version: 2.3.4.3-AIRGAP Version: 2.3.3.6 Version: 2.3.5.0 Version: 2.3.3.6-AIRGAP Version: 2.3.5.0-AIRGAP Version: 2.3.3.6-AIRGAP-MDNAC Version: 2.3.5.0-AIRGAP-MDNAC Version: 2.3.3.7 Version: 2.3.3.7-AIRGAP Version: 2.3.3.7-AIRGAP-MDNAC Version: 2.3.6.0 Version: 2.3.3.6-70045-HF1 Version: 2.3.3.7-72328-AIRGAP Version: 2.3.3.7-72323 Version: 2.3.3.7-72328-MDNAC Version: 2.3.5.3 Version: 2.3.5.3-AIRGAP-MDNAC Version: 2.3.5.3-AIRGAP Version: 2.3.6.0-AIRGAP Version: 2.3.7.0 Version: 2.3.7.0-AIRGAP Version: 2.3.7.0-AIRGAP-MDNAC Version: 2.3.5.4 Version: 2.3.5.4-AIRGAP Version: 2.3.5.4-AIRGAP-MDNAC Version: 2.3.7.3 Version: 2.3.7.3-AIRGAP Version: 2.3.7.3-AIRGAP-MDNAC Version: 2.3.5.5-AIRGAP Version: 2.3.5.5 Version: 2.3.5.5-AIRGAP-MDNAC Version: 2.3.7.4 Version: 2.3.7.4-AIRGAP Version: 2.3.7.4-AIRGAP-MDNAC Version: 2.3.7.5-AIRGAP Version: 2.3.5.6-AIRGAP Version: 2.3.5.6 Version: 2.3.5.6-AIRGAP-MDNAC Version: 2.3.7.6-AIRGAP Version: 2.3.7.6 Version: 2.3.5.5-70026-HF70 Version: 2.3.5.5-70026-HF51 Version: 2.3.5.6-70143-HF20 Version: 2.3.7.6-AIRGAP-MDNAC Version: 2.3.5.5-70026-HF52 Version: 2.3.5.5-70026-HF53 Version: 2.3.5.5-70026-HF71 Version: 2.3.7.7 Version: 2.3.7.7-AIRGAP Version: 2.3.7.7-AIRGAP-MDNAC Version: 2.3.5.5-70026-HF72 Version: 2.3.7.9 Version: 2.3.7.9-AIRGAP Version: 2.3.7.9-AIRGAP-MDNAC Version: 2.3.7.9-70301-GSMU10 Version: 2.3.7.9-70301-SMU1 Version: 2.3.7.9-75403-SMU10 Version: 2.3.7.9-75403-GSMU10 Version: 2.3.5.3-EULA |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T17:11:03.069694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T17:11:16.452Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Digital Network Architecture Center (DNA Center)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.1.1.0"
},
{
"status": "affected",
"version": "2.1.1.3"
},
{
"status": "affected",
"version": "2.1.2.0"
},
{
"status": "affected",
"version": "2.1.2.3"
},
{
"status": "affected",
"version": "2.1.2.4"
},
{
"status": "affected",
"version": "2.1.2.5"
},
{
"status": "affected",
"version": "2.2.1.0"
},
{
"status": "affected",
"version": "2.1.2.6"
},
{
"status": "affected",
"version": "2.2.2.0"
},
{
"status": "affected",
"version": "2.2.2.1"
},
{
"status": "affected",
"version": "2.2.2.3"
},
{
"status": "affected",
"version": "2.1.2.7"
},
{
"status": "affected",
"version": "2.2.1.3"
},
{
"status": "affected",
"version": "2.2.3.0"
},
{
"status": "affected",
"version": "2.2.2.4"
},
{
"status": "affected",
"version": "2.2.2.5"
},
{
"status": "affected",
"version": "2.2.3.3"
},
{
"status": "affected",
"version": "2.2.2.7"
},
{
"status": "affected",
"version": "2.2.2.6"
},
{
"status": "affected",
"version": "2.2.2.8"
},
{
"status": "affected",
"version": "2.2.3.4"
},
{
"status": "affected",
"version": "2.1.2.8"
},
{
"status": "affected",
"version": "2.3.2.1"
},
{
"status": "affected",
"version": "2.3.2.1-AIRGAP"
},
{
"status": "affected",
"version": "2.3.2.1-AIRGAP-CA"
},
{
"status": "affected",
"version": "2.2.3.5"
},
{
"status": "affected",
"version": "2.3.3.0"
},
{
"status": "affected",
"version": "2.3.3.3"
},
{
"status": "affected",
"version": "2.3.3.1-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.1"
},
{
"status": "affected",
"version": "2.3.2.3"
},
{
"status": "affected",
"version": "2.3.3.3-AIRGAP"
},
{
"status": "affected",
"version": "2.2.3.6"
},
{
"status": "affected",
"version": "2.2.2.9"
},
{
"status": "affected",
"version": "2.3.3.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.3-AIRGAP-CA"
},
{
"status": "affected",
"version": "2.3.3.4"
},
{
"status": "affected",
"version": "2.3.3.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.4-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.3.4-HF1"
},
{
"status": "affected",
"version": "2.3.4.0"
},
{
"status": "affected",
"version": "2.3.3.5"
},
{
"status": "affected",
"version": "2.3.3.5-AIRGAP"
},
{
"status": "affected",
"version": "2.3.4.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.4.3"
},
{
"status": "affected",
"version": "2.3.4.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.6"
},
{
"status": "affected",
"version": "2.3.5.0"
},
{
"status": "affected",
"version": "2.3.3.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.0-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.3.7"
},
{
"status": "affected",
"version": "2.3.3.7-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.7-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.6.0"
},
{
"status": "affected",
"version": "2.3.3.6-70045-HF1"
},
{
"status": "affected",
"version": "2.3.3.7-72328-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.7-72323"
},
{
"status": "affected",
"version": "2.3.3.7-72328-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.3"
},
{
"status": "affected",
"version": "2.3.5.3-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.6.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.0"
},
{
"status": "affected",
"version": "2.3.7.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.0-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.4"
},
{
"status": "affected",
"version": "2.3.5.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.4-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.3"
},
{
"status": "affected",
"version": "2.3.7.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.3-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.5-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.5"
},
{
"status": "affected",
"version": "2.3.5.5-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.4"
},
{
"status": "affected",
"version": "2.3.7.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.4-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.5-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.6"
},
{
"status": "affected",
"version": "2.3.5.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.6"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF70"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF51"
},
{
"status": "affected",
"version": "2.3.5.6-70143-HF20"
},
{
"status": "affected",
"version": "2.3.7.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF52"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF53"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF71"
},
{
"status": "affected",
"version": "2.3.7.7"
},
{
"status": "affected",
"version": "2.3.7.7-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.7-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF72"
},
{
"status": "affected",
"version": "2.3.7.9"
},
{
"status": "affected",
"version": "2.3.7.9-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.9-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.9-70301-GSMU10"
},
{
"status": "affected",
"version": "2.3.7.9-70301-SMU1"
},
{
"status": "affected",
"version": "2.3.7.9-75403-SMU10"
},
{
"status": "affected",
"version": "2.3.7.9-75403-GSMU10"
},
{
"status": "affected",
"version": "2.3.5.3-EULA"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Catalyst Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T16:27:42.137Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-dnac-xss-weXtVZ59",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-xss-weXtVZ59"
}
],
"source": {
"advisory": "cisco-sa-dnac-xss-weXtVZ59",
"defects": [
"CSCwn51440"
],
"discovery": "INTERNAL"
},
"title": "Cisco Catalyst Center Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20353",
"datePublished": "2025-11-13T16:18:12.708Z",
"dateReserved": "2024-10-10T19:15:13.257Z",
"dateUpdated": "2025-11-13T17:11:16.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20349 (GCVE-0-2025-20349)
Vulnerability from cvelistv5
Published
2025-11-13 16:18
Modified
2025-11-14 04:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user.
This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to inject arbitrary commands that would then be executed in a restricted container with root privileges. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Digital Network Architecture Center (DNA Center) |
Version: 1.4.0.0 Version: 2.1.1.0 Version: 2.1.1.3 Version: 2.1.2.0 Version: 2.1.2.3 Version: 2.1.2.4 Version: 2.1.2.5 Version: 2.2.1.0 Version: 2.1.2.6 Version: 2.2.2.0 Version: 2.2.2.1 Version: 2.2.2.3 Version: 2.1.2.7 Version: 2.2.1.3 Version: 2.2.3.0 Version: 2.2.2.4 Version: 2.2.2.5 Version: 2.2.3.3 Version: 2.2.2.7 Version: 2.2.2.6 Version: 2.2.2.8 Version: 2.2.3.4 Version: 2.1.2.8 Version: 2.3.2.1 Version: 2.3.2.1-AIRGAP Version: 2.3.2.1-AIRGAP-CA Version: 2.2.3.5 Version: 2.3.3.0 Version: 2.3.3.3 Version: 2.3.3.1-AIRGAP Version: 2.3.3.1 Version: 2.3.2.3 Version: 2.3.3.3-AIRGAP Version: 2.2.3.6 Version: 2.2.2.9 Version: 2.3.3.0-AIRGAP Version: 2.3.3.3-AIRGAP-CA Version: 2.3.3.4 Version: 2.3.3.4-AIRGAP Version: 2.3.3.4-AIRGAP-MDNAC Version: 2.3.3.4-HF1 Version: 2.3.4.0 Version: 2.3.3.5 Version: 2.3.3.5-AIRGAP Version: 2.3.4.0-AIRGAP Version: 2.3.4.3 Version: 2.3.4.3-AIRGAP Version: 2.3.3.6 Version: 2.3.5.0 Version: 2.3.3.6-AIRGAP Version: 2.3.5.0-AIRGAP Version: 2.3.3.6-AIRGAP-MDNAC Version: 2.3.5.0-AIRGAP-MDNAC Version: 2.3.3.7 Version: 2.3.3.7-AIRGAP Version: 2.3.3.7-AIRGAP-MDNAC Version: 2.3.6.0 Version: 2.3.3.6-70045-HF1 Version: 2.3.3.7-72328-AIRGAP Version: 2.3.3.7-72323 Version: 2.3.3.7-72328-MDNAC Version: 2.3.5.3 Version: 2.3.5.3-AIRGAP-MDNAC Version: 2.3.5.3-AIRGAP Version: 2.3.6.0-AIRGAP Version: 2.3.7.0 Version: 2.3.7.0-AIRGAP Version: 2.3.7.0-AIRGAP-MDNAC Version: 2.3.7.0-VA Version: 2.3.5.4 Version: 2.3.5.4-AIRGAP Version: 2.3.5.4-AIRGAP-MDNAC Version: 2.3.7.3 Version: 2.3.7.3-AIRGAP Version: 2.3.7.3-AIRGAP-MDNAC Version: 2.3.5.5-AIRGAP Version: 2.3.5.5 Version: 2.3.5.5-AIRGAP-MDNAC Version: 2.3.7.4 Version: 2.3.7.4-AIRGAP Version: 2.3.7.4-AIRGAP-MDNAC Version: 2.3.7.5-AIRGAP Version: 2.3.7.5-VA Version: 2.3.5.6-AIRGAP Version: 2.3.5.6 Version: 2.3.5.6-AIRGAP-MDNAC Version: 1.0.0.0 Version: 2.3.7.6-AIRGAP Version: 2.3.7.6 Version: 2.3.7.6-VA Version: 2.3.5.5-70026-HF70 Version: 2.3.5.5-70026-HF51 Version: 2.3.5.6-70143-HF20 Version: 2.3.7.6-AIRGAP-MDNAC Version: 2.3.5.5-70026-HF52 Version: 2.3.5.5-70026-HF53 Version: 2.3.5.5-70026-HF71 Version: 2.3.7.7 Version: 2.3.7.7-VA Version: 2.3.7.7-AIRGAP Version: 2.3.7.7-AIRGAP-MDNAC Version: 2.3.5.5-70026-HF72 Version: 2.3.7.9-VA Version: 2.3.7.9 Version: 2.3.7.9-AIRGAP Version: 2.3.7.9-AIRGAP-MDNAC Version: 2.3.7.9-70301-SMU1 Version: 2.3.5.3-EULA Version: 0.0.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20349",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T04:55:36.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Digital Network Architecture Center (DNA Center)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.4.0.0"
},
{
"status": "affected",
"version": "2.1.1.0"
},
{
"status": "affected",
"version": "2.1.1.3"
},
{
"status": "affected",
"version": "2.1.2.0"
},
{
"status": "affected",
"version": "2.1.2.3"
},
{
"status": "affected",
"version": "2.1.2.4"
},
{
"status": "affected",
"version": "2.1.2.5"
},
{
"status": "affected",
"version": "2.2.1.0"
},
{
"status": "affected",
"version": "2.1.2.6"
},
{
"status": "affected",
"version": "2.2.2.0"
},
{
"status": "affected",
"version": "2.2.2.1"
},
{
"status": "affected",
"version": "2.2.2.3"
},
{
"status": "affected",
"version": "2.1.2.7"
},
{
"status": "affected",
"version": "2.2.1.3"
},
{
"status": "affected",
"version": "2.2.3.0"
},
{
"status": "affected",
"version": "2.2.2.4"
},
{
"status": "affected",
"version": "2.2.2.5"
},
{
"status": "affected",
"version": "2.2.3.3"
},
{
"status": "affected",
"version": "2.2.2.7"
},
{
"status": "affected",
"version": "2.2.2.6"
},
{
"status": "affected",
"version": "2.2.2.8"
},
{
"status": "affected",
"version": "2.2.3.4"
},
{
"status": "affected",
"version": "2.1.2.8"
},
{
"status": "affected",
"version": "2.3.2.1"
},
{
"status": "affected",
"version": "2.3.2.1-AIRGAP"
},
{
"status": "affected",
"version": "2.3.2.1-AIRGAP-CA"
},
{
"status": "affected",
"version": "2.2.3.5"
},
{
"status": "affected",
"version": "2.3.3.0"
},
{
"status": "affected",
"version": "2.3.3.3"
},
{
"status": "affected",
"version": "2.3.3.1-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.1"
},
{
"status": "affected",
"version": "2.3.2.3"
},
{
"status": "affected",
"version": "2.3.3.3-AIRGAP"
},
{
"status": "affected",
"version": "2.2.3.6"
},
{
"status": "affected",
"version": "2.2.2.9"
},
{
"status": "affected",
"version": "2.3.3.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.3-AIRGAP-CA"
},
{
"status": "affected",
"version": "2.3.3.4"
},
{
"status": "affected",
"version": "2.3.3.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.4-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.3.4-HF1"
},
{
"status": "affected",
"version": "2.3.4.0"
},
{
"status": "affected",
"version": "2.3.3.5"
},
{
"status": "affected",
"version": "2.3.3.5-AIRGAP"
},
{
"status": "affected",
"version": "2.3.4.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.4.3"
},
{
"status": "affected",
"version": "2.3.4.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.6"
},
{
"status": "affected",
"version": "2.3.5.0"
},
{
"status": "affected",
"version": "2.3.3.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.0-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.3.7"
},
{
"status": "affected",
"version": "2.3.3.7-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.7-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.6.0"
},
{
"status": "affected",
"version": "2.3.3.6-70045-HF1"
},
{
"status": "affected",
"version": "2.3.3.7-72328-AIRGAP"
},
{
"status": "affected",
"version": "2.3.3.7-72323"
},
{
"status": "affected",
"version": "2.3.3.7-72328-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.3"
},
{
"status": "affected",
"version": "2.3.5.3-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.6.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.0"
},
{
"status": "affected",
"version": "2.3.7.0-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.0-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.0-VA"
},
{
"status": "affected",
"version": "2.3.5.4"
},
{
"status": "affected",
"version": "2.3.5.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.4-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.3"
},
{
"status": "affected",
"version": "2.3.7.3-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.3-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.5-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.5"
},
{
"status": "affected",
"version": "2.3.5.5-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.4"
},
{
"status": "affected",
"version": "2.3.7.4-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.4-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.5-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.5-VA"
},
{
"status": "affected",
"version": "2.3.5.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.5.6"
},
{
"status": "affected",
"version": "2.3.5.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "1.0.0.0"
},
{
"status": "affected",
"version": "2.3.7.6-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.6"
},
{
"status": "affected",
"version": "2.3.7.6-VA"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF70"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF51"
},
{
"status": "affected",
"version": "2.3.5.6-70143-HF20"
},
{
"status": "affected",
"version": "2.3.7.6-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF52"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF53"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF71"
},
{
"status": "affected",
"version": "2.3.7.7"
},
{
"status": "affected",
"version": "2.3.7.7-VA"
},
{
"status": "affected",
"version": "2.3.7.7-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.7-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.5.5-70026-HF72"
},
{
"status": "affected",
"version": "2.3.7.9-VA"
},
{
"status": "affected",
"version": "2.3.7.9"
},
{
"status": "affected",
"version": "2.3.7.9-AIRGAP"
},
{
"status": "affected",
"version": "2.3.7.9-AIRGAP-MDNAC"
},
{
"status": "affected",
"version": "2.3.7.9-70301-SMU1"
},
{
"status": "affected",
"version": "2.3.5.3-EULA"
},
{
"status": "affected",
"version": "0.0.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to inject arbitrary commands that would then be executed in a restricted container with root privileges. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T16:27:31.359Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-dnac-ci-ZWLQVSwT",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ci-ZWLQVSwT"
}
],
"source": {
"advisory": "cisco-sa-dnac-ci-ZWLQVSwT",
"defects": [
"CSCwo77762"
],
"discovery": "INTERNAL"
},
"title": "Cisco DNA Center API Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20349",
"datePublished": "2025-11-13T16:18:03.689Z",
"dateReserved": "2024-10-10T19:15:13.257Z",
"dateUpdated": "2025-11-14T04:55:36.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20341 (GCVE-0-2025-20341)
Vulnerability from cvelistv5
Published
2025-11-13 16:18
Modified
2025-11-14 04:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to perform unauthorized modifications to the system, including creating new user accounts or elevating their own privileges on an affected system. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Digital Network Architecture Center (DNA Center) |
Version: 2.3.7.5-VA Version: 2.3.7.6-VA Version: 2.3.7.7-VA Version: 2.3.7.9-VA Version: 2.3.7.9.75403.10-VA |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T04:55:35.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Digital Network Architecture Center (DNA Center)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.3.7.5-VA"
},
{
"status": "affected",
"version": "2.3.7.6-VA"
},
{
"status": "affected",
"version": "2.3.7.7-VA"
},
{
"status": "affected",
"version": "2.3.7.9-VA"
},
{
"status": "affected",
"version": "2.3.7.9.75403.10-VA"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to perform unauthorized modifications to the system, including creating new user accounts or elevating their own privileges on an affected system. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T16:27:30.810Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-catc-priv-esc-VS8EeCuX",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-priv-esc-VS8EeCuX"
}
],
"source": {
"advisory": "cisco-sa-catc-priv-esc-VS8EeCuX",
"defects": [
"CSCwo97875"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Catalyst Center Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20341",
"datePublished": "2025-11-13T16:18:03.687Z",
"dateReserved": "2024-10-10T19:15:13.255Z",
"dateUpdated": "2025-11-14T04:55:35.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}