Guest

Preview Tool

Cisco Bug: CSCvs65165 - Cisco Digital Network Architecture Center Information Disclosure Vulnerability

Last Modified

Jul 09, 2020

Products (1)

  • Cisco DNA Center

Known Affected Releases

DNAC1.3.0.2

Description (partial)

Symptom:
A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text.

The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-audit-log-59RBdwb6

Conditions:
At the time of publication, this vulnerability affected Cisco DNA Center Software Releases earlier than 1.3.3.3

At the time of publication, Cisco DNA Center Software Releases  1.3.3.3 and later contained the fix for this vulnerability.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.