First published: Thu May 18 2023(Updated: )
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco DNA Center | <2.3.3.7 | |
Cisco DNA Center | >=2.3.4<2.3.5.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for these multiple vulnerabilities in Cisco DNA Center Software is CVE-2023-20182.
The severity of CVE-2023-20182 is high, with a CVSS score of 8.8.
An authenticated remote attacker can read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user.
Cisco DNA Center Software versions up to and including 2.3.3.7 and versions between 2.3.4 and 2.3.5.3 are affected by CVE-2023-20182.
You can find more information about CVE-2023-20182 in the Cisco Security Advisory at the following link: [Cisco Security Advisory](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-multiple-kTQkGU3).