Get started for free to scan for vulnerabilites.
Download Mageni to scan for vulnerabilities. It is free to get started and can be installed in Windows, macOS and Linux.
CVE-2021-1303
CVE information
Published
Last Modified
CVSSv2.0 Severity
CVSSv3.1 Severity
Impact Analysis
Description
A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit this vulnerability by authenticating as a user with an Observer role and executing commands on the affected device. A successful exploit could allow a user with the Observer role to execute commands to view diagnostic information of the devices that Cisco DNA Center manages..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 6.5/10
- Exploit Score
- 8/10
- Access Vector
- Network
- Access Complexity
- Low
- Authentication Required
- Single
- Impact Score
- 6.4/10
- Confidentiality Impact
- Partial
- Availability Impact
- Partial
- Integrity Impact
- Partial
CVSSv3.1 Score
- Severity
- High
- Base Score
- 8.8/10
- Exploit Score
- 2.8/10
- Access Vector
- Network
- Access Complexity
- Low
- Privileges Required
- Low
- Impact Score
- 5.9/10
- Confidentiality Impact
- High
- Availability Impact
- High
- Integrity Impact
- High
- Scope
- Unchanged
- User Interaction
- None
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:* |
Yes
|
- | 2.1.2.0 |
Know your vulnerabilities for free. Start using Mageni today.
Mageni can help you to find, assess and manage your vulnerabilities.
Get Started for Free