Cisco disclosed two high-severity vulnerabilities in Cisco DNA Center: a cross-site request forgery (CSRF) vulnerability and an information disclosure vulnerability.
CVE-2021-1257 — Cross-Site Request Forgery Vulnerability
Cisco DNA Center is prone to a cross-site request forgery vulnerability.
The vulnerability is caused by insufficient CSRF protections in the web-based management interface of an affected device.
An unauthenticated, remote attacker could exploit it by persuading a user of the web-based management interface to follow a specially crafted link.
Successful exploitation could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user.
This vulnerability is rated High severity.
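As an added illustration (not Cisco's code and not from the advisory), the Python sketch below models the pattern described above: a state-changing management action accepted on the strength of the session cookie alone, beside a handler that adds the CSRF checks such an interface needs. The origin, action name, and session layout are assumptions made for the example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed stand-in for a management-UI session; not Cisco's code.
TRUSTED_ORIGIN = "https://dnac.example.test"  # assumed origin of the management UI

def new_session(user):
    return {"user": user, "csrf_token": secrets.token_hex(16)}

def same_origin(url):
    # Compare scheme and host:port, not a string prefix, so a lookalike host passes nothing.
    u = urlsplit(url)
    return f"{u.scheme}://{u.netloc}" == TRUSTED_ORIGIN

def vulnerable_handler(session, method, headers, params):
    # Insufficient protection: the action is accepted on the session cookie alone, so a
    # request the victim's browser sends on behalf of another site looks legitimate.
    if session is None:
        return 401
    return 200

def hardened_handler(session, method, headers, params):
    # Layered CSRF defences: POST only, Origin/Referer must match the UI when present,
    # and the per-session synchronizer token must be supplied (constant-time compare).
    if session is None:
        return 401
    if method != "POST":
        return 405
    source = headers.get("Origin") or headers.get("Referer")
    if source and not same_origin(source):
        return 403
    if not hmac.compare_digest(params.get("csrf_token", ""), session["csrf_token"]):
        return 403
    return 200

def followed_link(handler):
    # Authenticated user follows a link from an unrelated page: cookie sent, no token, foreign Referer.
    s = new_session("admin")
    return handler(s, "GET", {"Referer": "https://other.example.test/p"}, {"action": "add-user"})

def foreign_post(handler):
    # A form auto-submitted from another site: foreign Origin, no token.
    s = new_session("admin")
    return handler(s, "POST", {"Origin": "https://other.example.test"}, {"action": "add-user"})

def legitimate_post(handler):
    # The management UI's own form: same origin plus the session's token.
    s = new_session("admin")
    return handler(s, "POST", {"Origin": TRUSTED_ORIGIN}, {"action": "add-user", "csrf_token": s["csrf_token"]})
```

The vulnerable handler returns 200 for the followed link, while the hardened one rejects it (and the foreign form post) but still accepts the UI's own request.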
Vulnerable Platforms:
This vulnerability affects Cisco DNA Center Software releases prior to 2.1.1.0.
Non-Vulnerable Platforms:
Cisco DNA Center Software Releases 2.1.1.0, 2.1.2.0, 2.1.2.3, and 2.1.2.4
Reference:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-csrf-dC83cMcV
CVE-2021-1265 — Information Disclosure Vulnerability
Cisco DNA Center is prone to an information disclosure vulnerability.
The vulnerability is caused by configuration archive files being stored in clear text, from which they can be retrieved through various API calls.
An authenticated, remote attacker could exploit it by authenticating to the device and executing a series of API calls.
Successful exploitation could allow the attacker to retrieve the full, unmasked running configurations of managed devices.
This vulnerability is rated High severity.
Vulnerable Products:
This vulnerability affects Cisco DNA Center Software releases earlier than 2.1.1.0.
Fixed Releases:
This vulnerability is fixed in Cisco DNA Center Software releases 2.1.1.0, 2.1.2.0, 2.1.2.3, and 2.1.2.4 and later.
Reference:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnacid-OfeeRjcn