Cisco Catalyst Center
Recent Cisco Catalyst Center Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2025-11-13 | Cisco Catalyst Center Virtual Appliance HTTP Open Redirect Vulnerability | November 13, 2025 |
| 2025-11-13 | Cisco Catalyst Center Privilege Escalation Vulnerability | November 13, 2025 |
| 2025-11-13 | Cisco Catalyst Center Cross-Site Scripting Vulnerability | November 13, 2025 |
| 2025-11-13 | Cisco Catalyst Center REST API Command Injection Vulnerability | November 13, 2025 |
| 2025-11-13 | Cisco Catalyst Center Virtual Appliance Privilege Escalation Vulnerability | November 13, 2025 |
| 2025-05-07 | Cisco Catalyst Center Unauthenticated API Access Vulnerability | May 7, 2025 |
| 2025-05-07 | Cisco Catalyst Center Insufficient Access Control Vulnerability | May 7, 2025 |
| 2024-09-25 | Cisco Catalyst Center Static SSH Host Key Vulnerability | September 25, 2024 |
| 2024-03-27 | Cisco Catalyst Center Authorization Bypass Vulnerability | March 27, 2024 |
By the Year
In 2026 there have been 0 vulnerabilities in Cisco Catalyst Center. Last year, in 2025, Catalyst Center had 4 security vulnerabilities published. Right now, Catalyst Center is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 4 | 5.65 |
| 2024 | 2 | 8.10 |
| 2023 | 5 | 6.54 |
| 2022 | 1 | 4.40 |
| 2021 | 7 | 6.23 |
| 2020 | 3 | 6.80 |
| 2019 | 2 | 0.00 |
It may take a day or so for new Catalyst Center vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Cisco Catalyst Center Security Vulnerabilities
Cisco Catalyst Center RBAC Escalation via Read-Only Credentials
CVE-2025-20346
4.3 - Medium
- November 13, 2025
A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials. This vulnerability is due to improper role-based access control (RBAC). An attacker could exploit this vulnerability by logging in to an affected system and modifying certain policy configurations. A successful exploit could allow the attacker to modify policy configurations that are reserved for the Administrator role. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer.
Improper Privilege Management
Cisco Catalyst Center Auth Remote Command Injection via REST API
CVE-2025-20349
6.3 - Medium
- November 13, 2025
A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to inject arbitrary commands that would then be executed in a restricted container with root privileges. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer.
Shell injection
Cisco Catalyst Center Access Control Flaw Allows Data Manipulation
CVE-2025-20223
4.7 - Medium
- May 07, 2025
A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device. This vulnerability is due to insufficient enforcement of access control on HTTP requests. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device.
Authorization
Unauth API Exposes Proxy Config in Cisco Catalyst Center
CVE-2025-20210
7.3 - High
- May 07, 2025
A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint. An attacker could exploit this vulnerability by sending a request to the affected API of a Catalyst Center device. A successful exploit could allow the attacker to view or modify the outgoing proxy configuration, which could disrupt internet traffic from Cisco Catalyst Center or may allow the attacker to intercept outbound internet traffic.
Missing Authentication for Critical Function
Unauthenticated SSH MITM via Static Host Key in Cisco Catalyst Center
CVE-2024-20350
8.1 - High
- September 25, 2024
A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections, which could allow the attacker to intercept traffic between SSH clients and a Cisco Catalyst Center appliance. A successful exploit could allow the attacker to impersonate the affected appliance, inject commands into the terminal session, and steal valid user credentials.
Cisco Catalyst Center Web UI Auth Bypass Enables Field Alteration
CVE-2024-20333
- March 27, 2024
A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to change a specific field within the web-based management interface, even though they should not have access to change that field.
CVE-2023-20184: Auth API Flaw in Cisco DNA Center Allows Root Exec
CVE-2023-20184
4.3 - Medium
- May 18, 2023
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory.
Files or Directories Accessible to External Parties
Cisco DNA Center API: Auth Remote Access & Priv Esc
CVE-2023-20183
4.3 - Medium
- May 18, 2023
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory.
Files or Directories Accessible to External Parties
Cisco DNA Center API Auth Bypass/Priv Escalation via Container Abuse
CVE-2023-20182
8.8 - High
- May 18, 2023
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory.
Improper Input Validation
CVE-2023-20055: Privilege Escalation via Authenticated API in Cisco DNA Center
CVE-2023-20055
8.8 - High
- March 23, 2023
A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive information. An attacker could exploit this vulnerability by inspecting the responses from the API. Under certain circumstances, a successful exploit could allow the attacker to access the API with the privileges of a higher-level user account. To successfully exploit this vulnerability, the attacker would need at least valid Observer credentials.
Cisco DNA Center PnP Agent RBAC Info Disclosure (CVE-2023-20059)
CVE-2023-20059
6.5 - Medium
- March 23, 2023
A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper role-based access control (RBAC) with the integration of PnP. An attacker could exploit this vulnerability by authenticating to the device and sending a query to an internal API. A successful exploit could allow the attacker to view sensitive information in clear text, which could include configuration files.
Cleartext Storage of Sensitive Information
A vulnerability in the audit log of Cisco DNA Center could
CVE-2022-20630
4.4 - Medium
- February 10, 2022
A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploit this vulnerability by accessing the audit logs through the CLI. A successful exploit could allow the attacker to retrieve sensitive information that includes user credentials.
Insertion of Sensitive Information into Log File
A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information
CVE-2021-34782
4.3 - Medium
- October 06, 2021
A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An attacker could exploit the vulnerability by sending a specific API request to an affected application. A successful exploit could allow the attacker to obtain sensitive information about other users who are configured with higher privileges on the application.
A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could
CVE-2021-1134
- June 29, 2021
A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509 certificate used when establishing a connection between DNA Center and an ISE server. An attacker could exploit this vulnerability by supplying a crafted certificate and could then intercept communications between the ISE and DNA Center. A successful exploit could allow the attacker to view and alter sensitive information that the ISE maintains about clients that are connected to the network.
Improper Certificate Validation
A vulnerability in the Command Runner tool of Cisco DNA Center could
CVE-2021-1264
9.6 - Critical
- January 20, 2021
A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability by providing crafted input during command execution or via a crafted command runner API call. A successful exploit could allow the attacker to execute arbitrary CLI commands on devices managed by Cisco DNA Center.
Shell injection
A vulnerability in the web-based management interface of Cisco DNA Center Software could
CVE-2021-1257
- January 20, 2021
A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user's session, and executing Command Runner commands.
Session Riding
A vulnerability in the configuration archive functionality of Cisco DNA Center could
CVE-2021-1265
- January 20, 2021
A vulnerability in the configuration archive functionality of Cisco DNA Center could allow an authenticated, remote attacker of any privilege level to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archive files being stored in clear text, which can be retrieved by various API calls. An attacker could exploit this vulnerability by authenticating to the device and executing a series of API calls. A successful exploit could allow the attacker to retrieve the full unmasked running configurations of managed devices.
Cleartext Storage of Sensitive Information
A vulnerability in the user management roles of Cisco DNA Center could
CVE-2021-1303
- January 20, 2021
A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit this vulnerability by authenticating as a user with an Observer role and executing commands on the affected device. A successful exploit could allow a user with the Observer role to execute commands to view diagnostic information of the devices that Cisco DNA Center manages.
Incorrect Privilege Assignment
A vulnerability in the web-based management interface of Cisco DNA Center software could
CVE-2021-1130
4.8 - Medium
- January 13, 2021
A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need to have administrative credentials on the affected device.
XSS
Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could
CVE-2020-3466
6.1 - Medium
- August 26, 2020
Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerabilities exist because the web-based management interface on an affected device does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
XSS
A vulnerability in Cisco DNA Center software could
CVE-2020-3411
7.5 - High
- August 17, 2020
A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files.
Authentication
A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could
CVE-2019-15253
- February 05, 2020
A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker needs administrator credentials. This vulnerability affects Cisco DNA Center Software releases earlier than 1.3.0.6 and 1.3.1.4.
XSS
A vulnerability in the Software Image Management feature of Cisco DNA Center could
CVE-2019-1841
- April 18, 2019
A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending arbitrary HTTP requests to internal services. An exploit could allow the attacker to bypass any firewall or other protections to access unauthorized internal services. DNAC versions prior to 1.2.5 are affected.
Confused Deputy
A vulnerability in the web-based management interface of Cisco DNA Center could
CVE-2019-1707
- March 11, 2019
A vulnerability in the web-based management interface of Cisco DNA Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco DNA Center versions prior to 1.2.5 are affected.
XSS