Guest

Preview Tool

Cisco Bug: CSCvv58553 - Cisco DNA Center Information Disclosure Detailed Error Messages

Last Modified

Sep 16, 2020

Products (1)

  • Cisco DNA Center

Known Affected Releases

DNAC1.3.3.1

Description (partial)

Symptom:
The DNA Center application returns Java exception information in the response when garbage text is passed into the following endpoints:
 GET /api/v1/image/importation/site/2959ad67-dd33-4dc2-98b5-33fc1a184112?imageCategory=PHYSICAL&isDeviceAvailable=test123
 Parameter: "isDeviceAvaliable"
 POST /api/v1/ncp-node/graphql
 Parameter: "query"

Conditions:
This was observed in Cisco DNA Center 1.3.3.1, while using the REST-API.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.