Cisco Catalyst Center Privilege Escalation Vulnerability
Vulnerability
A vulnerability exists in Cisco Catalyst Center that allows an authenticated, remote attacker to perform actions requiring Administrator privileges. This issue arises from improper role-based access control (RBAC), enabling an attacker with valid read-only user credentials to log in and alter certain policy configurations reserved for Administrators. The vulnerability affects both virtual and hardware appliances of Cisco Catalyst Center, version 2.3.7 and earlier.
Impact
Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing attackers to modify policy configurations that should be restricted to Administrators.
Remediation
Users are advised to upgrade to Cisco Catalyst Center version 2.3.7.10. For guidance on obtaining the update, refer to the Cisco Support and Downloads page or contact the Cisco Technical Assistance Center (TAC).
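As an added example (not code from Cisco or from this advisory), the following inventory triage flags appliances that still report a version below the fixed release named above. It assumes Catalyst Center versions are dotted numeric strings and that every build below 2.3.7.10 (including 2.3.7.x builds older than the fix) is treated as affected; the hostnames and versions are constructed.

```python
"""Triage Cisco Catalyst Center versions against the fixed release.

Versions are compared as dotted numeric tuples, zero-padded so that
"2.3.7" and "2.3.7.0" compare equal.  Assumption: every build below the
fixed release 2.3.7.10 is treated as affected (the advisory names 2.3.7
and earlier; intermediate 2.3.7.x builds are assumed to lack the fix).
The inventory below is constructed sample data."""
from typing import Dict, List, Tuple

FIXED_VERSION = "2.3.7.10"  # remediation release named in the advisory


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.3.7.10' into (2, 3, 7, 10); raise ValueError on junk."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {version!r}")
    return tuple(int(p) for p in parts)


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a is lower than, equal to or higher than b.

    Shorter tuples are zero-padded, so '2.3.7' == '2.3.7.0'.  A plain
    string comparison would wrongly rank '2.3.7.10' below '2.3.7.9'."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    va += (0,) * (width - len(va))
    vb += (0,) * (width - len(vb))
    return (va > vb) - (va < vb)


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the appliance is below the fixed release and needs the upgrade."""
    return compare_versions(version, fixed) < 0


def triage(inventory: Dict[str, str]) -> List[str]:
    """Return the sorted hostnames whose reported version is affected."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed inventory: hostname -> version reported by the appliance.
SAMPLE_INVENTORY = {
    "catc-lab-01": "2.3.5.3",
    "catc-prod-01": "2.3.7",
    "catc-prod-02": "2.3.7.10",
    "catc-dr-01": "2.3.7.4",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} affected, upgrade to {FIXED_VERSION}")
```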
