First published: Wed Sep 27 2023
A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco DNA Center | <2.3.5.4 | |
CVE-2023-20223 is a vulnerability in Cisco DNA Center that allows an unauthenticated remote attacker to read and modify data in a repository belonging to an internal service on an affected device.
An attacker can exploit CVE-2023-20223 by sending unauthorized API requests to Cisco DNA Center.
CVE-2023-20223 has a severity rating of 8.6, which is considered high.
CVE-2023-20223 affects Cisco DNA Center versions earlier than 2.3.5.4.
More information about CVE-2023-20223 can be found at the following link: [Cisco Security Advisory - cisco-sa-dnac-ins-acc-con-nHAVDRBZ](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ins-acc-con-nHAVDRBZ)