We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-20210

Cisco Catalyst Center Unprotected API Endpoint



Description

A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint. An attacker could exploit this vulnerability by sending a request to the affected API of a Catalyst Center device. A successful exploit could allow the attacker to view or modify the outgoing proxy configuration, which could disrupt internet traffic from Cisco Catalyst Center or may allow the attacker to intercept outbound internet traffic.

Reserved 2024-10-10 | Published 2025-05-07 | Updated 2025-05-07 | Assigner cisco


HIGH: 7.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Problem types

Missing Authentication for Critical Function

Product status

Default status
unknown

2.1.1.0
affected

2.1.1.3
affected

2.1.2.0
affected

2.1.2.3
affected

2.1.2.4
affected

2.1.2.5
affected

2.2.1.0
affected

2.1.2.6
affected

2.2.2.0
affected

2.2.2.1
affected

2.2.2.3
affected

2.1.2.7
affected

2.2.1.3
affected

2.2.3.0
affected

2.2.2.4
affected

2.2.2.5
affected

2.2.3.3
affected

2.2.2.7
affected

2.2.2.6
affected

2.2.2.8
affected

2.2.3.4
affected

2.1.2.8
affected

2.3.2.1
affected

2.3.2.1-AIRGAP
affected

2.3.2.1-AIRGAP-CA
affected

2.2.3.5
affected

2.3.3.0
affected

2.3.3.3
affected

2.3.3.1-AIRGAP
affected

2.3.3.1
affected

2.3.2.3
affected

2.3.3.3-AIRGAP
affected

2.2.3.6
affected

2.2.2.9
affected

2.3.3.0-AIRGAP
affected

2.3.3.3-AIRGAP-CA
affected

2.3.3.4
affected

2.3.3.4-AIRGAP
affected

2.3.3.4-AIRGAP-MDNAC
affected

2.3.3.4-HF1
affected

2.3.4.0
affected

2.3.3.5
affected

2.3.3.5-AIRGAP
affected

2.3.4.0-AIRGAP
affected

2.3.4.3
affected

2.3.4.3-AIRGAP
affected

2.3.3.6
affected

2.3.5.0
affected

2.3.3.6-AIRGAP
affected

2.3.5.0-AIRGAP
affected

2.3.3.6-AIRGAP-MDNAC
affected

2.3.5.0-AIRGAP-MDNAC
affected

2.3.3.7
affected

2.3.3.7-AIRGAP
affected

2.3.3.7-AIRGAP-MDNAC
affected

2.3.6.0
affected

2.3.3.6-70045-HF1
affected

2.3.3.7-72328-AIRGAP
affected

2.3.3.7-72323
affected

2.3.3.7-72328-MDNAC
affected

2.3.5.3
affected

2.3.5.3-AIRGAP-MDNAC
affected

2.3.5.3-AIRGAP
affected

2.3.6.0-AIRGAP
affected

2.3.7.0
affected

2.3.7.0-AIRGAP
affected

2.3.7.0-AIRGAP-MDNAC
affected

2.3.7.0-VA
affected

2.3.5.4
affected

2.3.5.4-AIRGAP
affected

2.3.5.4-AIRGAP-MDNAC
affected

2.3.7.3
affected

2.3.7.3-AIRGAP
affected

2.3.7.3-AIRGAP-MDNAC
affected

2.3.5.5-AIRGAP
affected

2.3.5.5
affected

2.3.5.5-AIRGAP-MDNAC
affected

2.3.7.4
affected

2.3.7.4-AIRGAP
affected

2.3.7.4-AIRGAP-MDNAC
affected

2.3.7.5-AIRGAP
affected

2.3.7.5-VA
affected

2.3.5.6-AIRGAP
affected

2.3.5.6
affected

2.3.5.6-AIRGAP-MDNAC
affected

2.3.7.6-AIRGAP
affected

2.3.7.6
affected

2.3.7.6-VA
affected

2.3.5.5-70026-HF70
affected

2.3.5.5-70026-HF51
affected

2.3.5.6-70143-HF20
affected

2.3.7.6-AIRGAP-MDNAC
affected

2.3.5.5-70026-HF52
affected

2.3.5.5-70026-HF53
affected

2.3.5.5-70026-HF71
affected

2.3.7.7
affected

2.3.7.7-VA
affected

2.3.7.7-AIRGAP
affected

2.3.7.7-AIRGAP-MDNAC
affected

2.3.5.5-70026-HF72
affected

References

sec.cloudapps.cisco.com/...visory/cisco-sa-dnac-api-nBPZcJCM (cisco-sa-dnac-api-nBPZcJCM)

cve.org (CVE-2025-20210)

nvd.nist.gov (CVE-2025-20210)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-20210

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.