Primary

Context

Cisco Catalyst Center REST API Command Injection Vulnerability Allowing Arbitrary Command Execution as Root

Vulnerability

A command injection vulnerability has been identified in the REST API of Cisco Catalyst Center, affecting both virtual and hardware appliances. This vulnerability allows an authenticated, remote attacker to execute arbitrary commands in a restricted container with root privileges. The issue arises from inadequate validation of user-supplied input in API request parameters. To exploit this vulnerability, an attacker must have valid credentials for a user account with at least the Observer role.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of commands with root privileges in a restricted container on the affected device.

Remediation

Cisco has released software updates to address this vulnerability. Users are advised to upgrade to version 2.3.7.10. For version 3.1, this vulnerability is not applicable.

Added: Nov 13, 2025, 5:24 PM

Updated: Nov 13, 2025, 5:24 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Cisco Catalyst Center REST API Command Injection Vulnerability Allowing Arbitrary Command Execution as Root

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating