Cisco Bug: CSCvs65165 - Cisco Digital Network Architecture Center Information Disclosure Vulnerability
Jul 09, 2020
- Cisco DNA Center
Known Affected Releases
Symptom: A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-audit-log-59RBdwb6 Conditions: At the time of publication, this vulnerability affected Cisco DNA Center Software Releases earlier than 18.104.22.168 At the time of publication, Cisco DNA Center Software Releases 22.214.171.124 and later contained the fix for this vulnerability.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases