HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2024-20350

CVSS 7.5v3.1pub. 2024-09-25upd. 2025-07-30

A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections, which could allow the attacker to intercept traffic between SSH clients and a Cisco Catalyst Center appliance. A successful exploit could allow the attacker to impersonate the affected appliance, inject commands into the terminal session, and steal valid user credentials.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Cisco Catalyst Center

    APP
    Cisco
    1.0.01.4.0.02.1.1.02.1.1.32.1.2.02.1.2.32.1.2.42.1.2.52.1.2.62.1.2.72.1.2.82.2.1.02.2.1.32.2.2.02.2.2.1+ 67 więcej
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2021-1264CRITICAL9.6ten sam produkt

A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker t...

CVE-2025-20210HIGH7.3ten sam produkt

A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unau...

CVE-2023-20055HIGH8.0ten sam produkt

A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to ele...

CVE-2021-1134HIGH7.4ten sam produkt

A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Softwa...

CVE-2021-1257HIGH8.8ten sam produkt

A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthentica...