VDB

CVE-2024-20350

CVE-2024-20350 PUBLISHED CVSS 8.600000381469727 HIGH

A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections, which could allow the attacker to intercept traffic between SSH clients and a Cisco Catalyst Center appliance. A successful exploit could allow the attacker to impersonate the affected appliance, inject commands into the terminal session, and steal valid user credentials.

EPSS 2.50% · 85.6th percentile

Risk Scores

CVSS 4.0
8.600000381469727
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
2.50%
85.6th percentile

Affected Products

VendorProductVersions
ciscodigital_network_architecture_center1.4.0.0, 2.1.1.0, 2.1.1.3
ciscocatalyst_center1.0.0, 1.4.0.0, 2.1.1.0
CiscoCisco Digital Network Architecture Center (DNA Center)1.4.0.0, 2.1.1.0, 2.1.1.3

Exploit Intelligence

Timeline

  • Sep 25, 2024 CVE Published
  • Sep 26, 2024 EPSS Score
  • Sep 27, 2024 CVE Updated
  • Oct 4, 2024 Coalition ESS Score
  • Oct 15, 2024 EPSS Score
  • Nov 4, 2024 EPSS Score
  • Dec 13, 2024 EPSS Score
  • Jan 2, 2025 EPSS Score
  • Jan 21, 2025 EPSS Score
  • Feb 9, 2025 EPSS Score
  • Feb 28, 2025 EPSS Score
  • Mar 20, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›