First published: Thu May 18 2023(Updated: )
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco DNA Center | <2.2.3.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-20184 is a vulnerability in the API of Cisco DNA Center Software that allows an authenticated remote attacker to read information, enumerate user information, or execute arbitrary commands as the root user.
The severity of CVE-2023-20184 is medium, with a severity value of 4.3.
An attacker can exploit CVE-2023-20184 by exploiting vulnerabilities in the API of Cisco DNA Center Software, allowing them to read information, enumerate user information, or execute arbitrary commands in a restricted container as the root user.
The versions affected by CVE-2023-20184 are up to, but not including, version 2.2.3.5 of Cisco DNA Center Software.
To fix CVE-2023-20184, it is recommended to update Cisco DNA Center Software to a version that is not affected by the vulnerability.