Unauthenticated SSH MITM via Static Host Key in Cisco Catalyst Center
CVE-2024-20350 Published on September 25, 2024
Cisco Catalyst Center Static SSH Host Key Vulnerability
A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance.
This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections, which could allow the attacker to intercept traffic between SSH clients and a Cisco Catalyst Center appliance. A successful exploit could allow the attacker to impersonate the affected appliance, inject commands into the terminal session, and steal valid user credentials.
Vulnerability Analysis
CVE-2024-20350 is exploitable with network access and requires user interaction. This vulnerability is considered to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
Products Associated with CVE-2024-20350
Affected Versions
Cisco Digital Network Architecture Center (DNA Center):
- Version 1.4.0.0 is affected.
- Version 2.1.1.0 is affected.
- Version 2.1.1.3 is affected.
- Version 2.1.2.0 is affected.
- Version 2.1.2.3 is affected.
- Version 2.1.2.4 is affected.
- Version 2.1.2.5 is affected.
- Version 2.2.1.0 is affected.
- Version 2.1.2.6 is affected.
- Version 2.2.2.0 is affected.
- Version 2.2.2.1 is affected.
- Version 2.2.2.3 is affected.
- Version 2.1.2.7 is affected.
- Version 2.2.1.3 is affected.
- Version 2.2.3.0 is affected.
- Version 2.2.2.4 is affected.
- Version 2.2.2.5 is affected.
- Version 2.2.3.3 is affected.
- Version 2.2.2.7 is affected.
- Version 2.2.2.6 is affected.
- Version 2.2.2.8 is affected.
- Version 2.2.3.4 is affected.
- Version 2.1.2.8 is affected.
- Version 2.3.2.1 is affected.
- Version 2.3.2.1-AIRGAP is affected.
- Version 2.3.2.1-AIRGAP-CA is affected.
- Version 2.2.3.5 is affected.
- Version 2.3.3.0 is affected.
- Version 2.3.3.3 is affected.
- Version 2.3.3.1-AIRGAP is affected.
- Version 2.3.3.1 is affected.
- Version 2.3.2.3 is affected.
- Version 2.3.3.3-AIRGAP is affected.
- Version 2.2.3.6 is affected.
- Version 2.2.2.9 is affected.
- Version 2.3.3.0-AIRGAP is affected.
- Version 2.3.3.3-AIRGAP-CA is affected.
- Version 2.3.3.4 is affected.
- Version 2.3.3.4-AIRGAP is affected.
- Version 2.3.3.4-AIRGAP-MDNAC is affected.
- Version 2.3.3.4-HF1 is affected.
- Version 2.3.4.0 is affected.
- Version 2.3.3.5 is affected.
- Version 2.3.3.5-AIRGAP is affected.
- Version 2.3.4.0-AIRGAP is affected.
- Version 2.3.4.3 is affected.
- Version 2.3.4.3-AIRGAP is affected.
- Version 2.3.3.6 is affected.
- Version 2.3.5.0 is affected.
- Version 2.3.3.6-AIRGAP is affected.
- Version 2.3.5.0-AIRGAP is affected.
- Version 2.3.3.6-AIRGAP-MDNAC is affected.
- Version 2.3.5.0-AIRGAP-MDNAC is affected.
- Version 2.3.3.7 is affected.
- Version 2.3.3.7-AIRGAP is affected.
- Version 2.3.3.7-AIRGAP-MDNAC is affected.
- Version 2.3.6.0 is affected.
- Version 2.3.3.6-70045-HF1 is affected.
- Version 2.3.3.7-72328-AIRGAP is affected.
- Version 2.3.3.7-72323 is affected.
- Version 2.3.3.7-72328-MDNAC is affected.
- Version 2.3.5.3 is affected.
- Version 2.3.5.3-AIRGAP-MDNAC is affected.
- Version 2.3.5.3-AIRGAP is affected.
- Version 2.3.6.0-AIRGAP is affected.
- Version 2.3.7.0 is affected.
- Version 2.3.7.0-AIRGAP is affected.
- Version 2.3.7.0-AIRGAP-MDNAC is affected.
- Version 2.3.7.0-VA is affected.
- Version 2.3.5.4 is affected.
- Version 2.3.5.4-AIRGAP is affected.
- Version 2.3.5.4-AIRGAP-MDNAC is affected.
- Version 2.3.7.3 is affected.
- Version 2.3.7.3-AIRGAP is affected.
- Version 2.3.7.3-AIRGAP-MDNAC is affected.
- Version 2.3.5.5-AIRGAP is affected.
- Version 2.3.5.5 is affected.
- Version 2.3.5.5-AIRGAP-MDNAC is affected.
- Version 2.3.7.4 is affected.
- Version 2.3.7.4-AIRGAP is affected.
- Version 2.3.7.4-AIRGAP-MDNAC is affected.
- Version 1.0.0.0 is affected.
- Version 2.3.5.5-70026-HF70 is affected.
- Version 2.3.5.5-70026-HF51 is affected.
- Version 2.3.5.5-70026-HF52 is affected.
- Version 2.3.5.5-70026-HF53 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.