First published: Thu May 18 2023(Updated: )
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco DNA Center | <2.3.3.7 | |
Cisco DNA Center | >=2.3.4<2.3.5.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Cisco DNA Center Software vulnerability is CVE-2023-20183.
The severity of the vulnerability (CVE-2023-20183) is medium with a severity value of 4.3.
Cisco DNA Center Software versions up to and exclusive of 2.3.3.7, and versions between inclusive 2.3.4 and exclusive 2.3.5.3 are affected by the vulnerability (CVE-2023-20183).
An authenticated, remote attacker can read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user using this vulnerability (CVE-2023-20183).
Yes, you can find more information about this vulnerability (CVE-2023-20183) in the Cisco Security Advisory at the following link: [Cisco Security Advisory - Cisco DNA Center Multiple Vulnerabilities](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-multiple-kTQkGU3)