A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings.

This vulnerability is due to the lack of authentication in an API endpoint. An attacker could exploit this vulnerability by sending a request to the affected API of a Catalyst Center device. A successful exploit could allow the attacker to view or modify the outgoing proxy configuration, which could disrupt internet traffic from Cisco Catalyst Center or may allow the attacker to intercept outbound internet traffic.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00115.

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
Cisco Subscribe
Catalyst Center Subscribe

Configuration 1 [-]

cpe:2.3:a:cisco:catalyst_center:*:*:*:*:*:*:*:*

No data.

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-13918 A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint. An attacker could exploit this vulnerability by sending a request to the affected API of a Catalyst Center device. A successful exploit could allow the attacker to view or modify the outgoing proxy configuration, which could disrupt internet traffic from Cisco Catalyst Center or may allow the attacker to intercept outbound internet traffic.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-api-nBPZcJCM cve-icon cve-icon
History

Thu, 14 Aug 2025 04:15:00 +0900

Type Values Removed Values Added
First Time appeared Cisco
Cisco catalyst Center
CPEs cpe:2.3:a:cisco:catalyst_center:*:*:*:*:*:*:*:*
Vendors & Products Cisco
Cisco catalyst Center

Mon, 14 Jul 2025 22:45:00 +0900

Type Values Removed Values Added
Metrics epss

{'score': 0.0011}

 epss

{'score': 0.00107}

Thu, 08 May 2025 05:15:00 +0900

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 08 May 2025 02:30:00 +0900

Type Values Removed Values Added
Description A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint. An attacker could exploit this vulnerability by sending a request to the affected API of a Catalyst Center device. A successful exploit could allow the attacker to view or modify the outgoing proxy configuration, which could disrupt internet traffic from Cisco Catalyst Center or may allow the attacker to intercept outbound internet traffic.
Title Cisco Catalyst Center Unprotected API Endpoint
Weaknesses CWE-306
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2025-05-07T19:48:12.129Z

Reserved: 2024-10-10T19:15:13.231Z

Link: CVE-2025-20210

cve-icon Vulnrichment

Updated: 2025-05-07T18:57:08.738Z

cve-icon NVD

Status : Analyzed

Published: 2025-05-07T18:15:41.240

Modified: 2025-08-13T19:05:32.047

Link: CVE-2025-20210

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses