Description

A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials. This vulnerability is due to improper role-based access control (RBAC). An attacker could exploit this vulnerability by logging in to an affected system and modifying certain policy configurations. A successful exploit could allow the attacker to modify policy configurations that are reserved for the Administrator role. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer.

PUBLISHED | Reserved 2024-10-10 | Published 2025-11-13 | Updated 2025-12-01 | Assigner cisco




MEDIUM: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

Problem types

Improper Privilege Management

Product status

Default status
unknown

2.1.1.0
affected

2.1.1.3
affected

2.1.2.0
affected

2.1.2.3
affected

2.1.2.5
affected

2.2.1.0
affected

2.1.2.6
affected

2.2.2.0
affected

2.2.2.3
affected

2.1.2.7
affected

2.2.1.3
affected

2.2.3.0
affected

2.2.2.4
affected

2.2.2.5
affected

2.2.3.3
affected

2.2.2.7
affected

2.2.2.6
affected

2.2.2.8
affected

2.2.3.4
affected

2.3.2.1
affected

2.3.2.1-AIRGAP
affected

2.3.2.1-AIRGAP-CA
affected

2.2.3.5
affected

2.3.3.3
affected

2.3.3.1-AIRGAP
affected

2.3.3.1
affected

2.3.2.3
affected

2.3.3.3-AIRGAP
affected

2.2.2.9
affected

2.3.3.0-AIRGAP
affected

2.3.3.4
affected

2.3.3.4-AIRGAP
affected

2.3.3.4-AIRGAP-MDNAC
affected

2.3.3.5
affected

2.3.3.5-AIRGAP
affected

2.3.4.0-AIRGAP
affected

2.3.4.3
affected

2.3.4.3-AIRGAP
affected

2.3.3.6
affected

2.3.3.6-AIRGAP
affected

2.3.3.6-AIRGAP-MDNAC
affected

2.3.5.0-AIRGAP-MDNAC
affected

VA Launchpad 1.0.3
affected

VA Launchpad 1.0.4
affected

2.3.3.7
affected

2.3.3.7-AIRGAP
affected

2.3.3.7-AIRGAP-MDNAC
affected

2.3.6.0
affected

2.3.3.6-70045-HF1
affected

VA Launchpad 1.2.1
affected

2.3.3.7-72328-AIRGAP
affected

2.3.3.7-72323
affected

2.3.3.7-72328-MDNAC
affected

2.3.5.3
affected

2.3.5.3-AIRGAP-MDNAC
affected

2.3.5.3-AIRGAP
affected

2.3.6.0-AIRGAP
affected

VA Launchpad 1.3.0
affected

VA Launchpad 1.5.0
affected

2.3.7.0
affected

2.3.7.0-AIRGAP
affected

2.3.7.0-AIRGAP-MDNAC
affected

2.3.7.0-VA
affected

2.3.5.4-AIRGAP
affected

2.3.5.4-AIRGAP-MDNAC
affected

VA Launchpad 1.6.0
affected

2.3.7.3
affected

2.3.7.3-AIRGAP
affected

2.3.7.3-AIRGAP-MDNAC
affected

VA Launchpad 1.7.0
affected

2.3.5.5-AIRGAP
affected

2.3.5.5
affected

2.3.5.5-AIRGAP-MDNAC
affected

2.3.7.4
affected

2.3.7.4-AIRGAP
affected

2.3.7.5-AIRGAP
affected

VA Launchpad 1.9.0
affected

2.3.5.6-AIRGAP
affected

2.3.5.6-AIRGAP-MDNAC
affected

1.0.0.0
affected

Cisco CCGM 1.0.0.0
affected

2.3.7.6-AIRGAP
affected

2.3.7.6
affected

2.3.7.6-VA
affected

2.3.5.5-70026-HF70
affected

2.3.5.5-70026-HF51
affected

2.3.5.6-70143-HF20
affected

2.3.7.6-AIRGAP-MDNAC
affected

2.3.5.5-70026-HF53
affected

2.3.5.5-70026-HF71
affected

2.3.7.7
affected

2.3.7.7-VA
affected

2.3.7.7-AIRGAP
affected

2.3.7.7-AIRGAP-MDNAC
affected

2.3.7.9-VA
affected

2.3.7.9
affected

2.3.7.9-AIRGAP
affected

2.3.7.9-AIRGAP-MDNAC
affected

Cisco CCGM 1.1.1
affected

2.3.7.9-70301-GSMU10
affected

2.3.7.9-70301-SMU1
affected

2.3.7.9-75403-SMU10
affected

2.3.7.9-75403-GSMU10
affected

Cisco CCGM 1.2.1
affected

2.3.5.3-EULA
affected

2.3.7.9.75403.10-VA
affected

0.0.0.0
affected

1.16.54
affected

References

sec.cloudapps.cisco.com/...ry/cisco-sa-privesc-catc-rYjReeLU (cisco-sa-privesc-catc-rYjReeLU)

cve.org (CVE-2025-20346)

nvd.nist.gov (CVE-2025-20346)
