A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections, which could allow the attacker to intercept traffic between SSH clients and a Cisco Catalyst Center appliance. A successful exploit could allow the attacker to impersonate the affected appliance, inject commands into the terminal session, and steal valid user credentials.
oryginał ENCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HCisco Catalyst Center
APPCisco1.0.01.4.0.02.1.1.02.1.1.32.1.2.02.1.2.32.1.2.42.1.2.52.1.2.62.1.2.72.1.2.82.2.1.02.2.1.32.2.2.02.2.2.1+ 67 więcej
Powiązane podatności
A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker t...
A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unau...
A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to ele...
A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Softwa...
A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthentica...