CVE-2023-20184
Published: 18 May 2023
Summary
CVE-2023-20184 is a medium-severity Improper Authorization (CWE-285) vulnerability in Cisco Catalyst Center. Its CVSS base score is 5.4 (Medium).
Operationally, it is ranked in the top 39.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-24363
Vulnerability details
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Authorization checks via training and content reviews ensure only approved information is released to public systems.
Documenting access to processing and storage locations helps ensure correct authorization for information resources.
Requiring explicit approval for maintenance activities and component removal enforces proper authorization for critical system operations.
Procedures enforce authorization rules for media handling, making unauthorized actions harder to perform without detection.
Limiting media access to authorized parties addresses improper authorization for resource access.
The control requires authorization mechanisms and senior approval to prevent unauthorized viewing or alteration of the plan.
Mandates authorization checks so public access cannot perform disallowed operations or modifications.
Decoys identify and block exploitation of improper authorization by providing monitored targets that mimic protected functions.