CVE-2025-20223

A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device. This vulnerability is due to insufficient enforcement of access control on HTTP requests. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-insec-acc-mtt8EhEb

Configurations

No configuration.

History

08 May 2025, 14:39

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad en Cisco Catalyst Center, anteriormente Cisco DNA Center, podría permitir que un atacante remoto autenticado lea y modifique datos en un repositorio perteneciente a un servicio interno de un dispositivo afectado. Esta vulnerabilidad se debe a un control de acceso insuficiente en las solicitudes HTTP. Un atacante podría explotar esta vulnerabilidad enviando una solicitud HTTP manipulada a un dispositivo afectado. Una explotación exitosa podría permitir al atacante leer y modificar datos gestionados por un servicio interno del dispositivo afectado.

07 May 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-07 18:15

Updated : 2025-05-08 14:39

NVD link : CVE-2025-20223

Mitre link : CVE-2025-20223

CVE.ORG link : CVE-2025-20223

JSON object : View

Products Affected

No product.

CWE

CWE-284

Improper Access Control

4.7 /10