Severity
Medium
Analysis Summary
CVE-2023-20055 CVSS:8
Cisco DNA Center could allow a remote authenticated attacker to gain elevated privileges on the system, caused by an unintended exposure of sensitive information. By inspecting the responses from the API, an authenticated attacker could exploit this vulnerability to access the API with the privileges of a higher-level user account.
CVE-2023-20059 CVSS:4.3
Cisco DNA Center could allow a remote authenticated attacker to obtain sensitive information, caused by improper role-based access control (RBAC) with the integration of PnP. By sending a specially crafted query to an internal API, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
Impact
- Privilege Escalation
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-20055
- CVE-2023-20059
Affected Vendors
Cisco
Affected Products
- Cisco DNA Center
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.