CVE-2023-20059 — Vulnetix

CVE-2023-20059 PUBLISHED CVSS 4.300000190734863 MEDIUM

A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper role-based access control (RBAC) with the integration of PnP. An attacker could exploit this vulnerability by authenticating to the device and sending a query to an internal API. A successful exploit could allow the attacker to view sensitive information in clear text, which could include configuration files.

EPSS 0.09% · 24.7th percentile

Risk Scores

CVSS 3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.09%

24.7th percentile

Affected Products

Vendor	Product	Versions
cisco	catalyst_center	0, 2.3.4.0
Cisco	Cisco Digital Network Architecture Center (DNA Center)	n/a

Exploit Intelligence

20230322 Cisco DNA Center Information Disclosure Vulnerability (circl)

Timeline

Mar 23, 2023 CVE Published
Mar 24, 2023 EPSS Score
May 1, 2023 EPSS Score
Jun 9, 2023 EPSS Score
Jul 17, 2023 EPSS Score
Aug 25, 2023 EPSS Score
Oct 2, 2023 EPSS Score
Nov 9, 2023 EPSS Score
Dec 18, 2023 EPSS Score
Jan 25, 2024 EPSS Score
Mar 3, 2024 EPSS Score
Apr 11, 2024 EPSS Score

References

20230322 Cisco DNA Center Information Disclosure Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-20059 advisory

Open in Interactive Console →