First published: Wed Oct 06 2021
A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An attacker could exploit the vulnerability by sending a specific API request to an affected application. A successful exploit could allow the attacker to obtain sensitive information about other users who are configured with higher privileges on the application.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco DNA Center | <2.2.2.5 | |
Cisco DNA Center | >=2.2.3.0 <2.2.3.3 | |
The vulnerability ID for this Cisco DNA Center vulnerability is CVE-2021-34782.
CVE-2021-34782 has a severity rating of 4.3, which is classified as medium.
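An attacker with valid device credentials can exploit CVE-2021-34782 by sending a specific API request to an affected application. Because of improper access controls on the API endpoints in Cisco DNA Center, the request can return sensitive information about other users who are configured with higher privileges.
Cisco DNA Center versions earlier than 2.2.2.5, and versions from 2.2.3.0 up to but not including 2.2.3.3, are affected by CVE-2021-34782.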
You can find more information about CVE-2021-34782 in the Cisco Security Advisory at the following link: [CISCO-SA-DNAC-INFODISC-KYC6YNCS]