CVE-2023-20223

CVSS 3.1 Score 8.2 of 10 (high)

Details

Published Sep 27, 2023

Updated: Jan 25, 2024

CWE ID 284

Summary

CVE-2023-20223 is a newly disclosed vulnerability in Cisco DNA Center. This issue permits unauthenticated, remote attackers to manipulate data in a repository associated with an internal service on susceptible devices. The cause of this vulnerability stems from inadequate access control on API requests. An assailant can exploit this flaw by crafting a specially designed API request, which, if successful, enables the attacker to modify data handled by an internal service on the vulnerable device.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Cisco DNA Center

Affected Vendors

Cisco Systems Inc

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sz-c87
https://www.cve.org/CVERecord?id=CVE-2023-20223
https://nvd.nist.gov/vuln/detail/CVE-2023-20223

Back to Vulnerability Database