CVE-2021-1303

A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit this vulnerability by authenticating as a user with an Observer role and executing commands on the affected device. A successful exploit could allow a user with the Observer role to execute commands to view diagnostic information of the devices that Cisco DNA Center manages.

Published: Jan 20, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-1303
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-266

Affected Software
References

Software	From	Fixed in
cisco / dna_center	-	2.1.2.0

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-privesc-6qjA3hVh

Vulnerability Database

289,599

CVE-2021-1303