Cisco Catalyst Center Insufficient Access Control Vulnerability Allowing Data Manipulation
Vulnerability
A vulnerability exists in Cisco Catalyst Center (formerly Cisco DNA Center) that could enable an authenticated, remote attacker to read and modify data within a repository associated with an internal service on the affected device. This issue arises from inadequate enforcement of access controls on HTTP requests. Exploitation involves sending a crafted HTTP request to the device, which could result in unauthorized access to, and alteration of, data managed by the internal service.
Impact
Successful exploitation allows for unauthorized reading and modification of data in a repository belonging to an internal service on the affected device.
Remediation
Cisco has released a patch for this vulnerability in version 2.3.7.7. Instructions for upgrading can be found in the Cisco Security Vulnerability Policy.
