CVE-2021-1303 vulnerability in Cisco Products
Published on January 20, 2021
Cisco DNA Center Privilege Escalation Vulnerability
A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit this vulnerability by authenticating as a user with an Observer role and executing commands on the affected device. A successful exploit could allow a user with the Observer role to execute commands to view diagnostic information of the devices that Cisco DNA Center manages.
Weakness Type
Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2021-1303
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-1303 are published in these products:
Affected Versions
Cisco Digital Network Architecture Center (DNA Center) Version n/a is affected by CVE-2021-1303Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.