Cisco · Cisco Dna Center · CVE-2021-1265
Name of the Vulnerable Software and Affected Versions:
Cisco DNA Center (affected versions not specified)
Description:
The issue is related to the configuration archive functionality, where confidential information is stored unencrypted. This could allow a remote attacker to gain unauthorized access to protected information. The vulnerability is due to configuration archive files being stored in clear text, which can be retrieved by various API calls. An attacker could exploit this by authenticating to the device and executing a series of API calls, potentially retrieving the full unmasked running configurations of managed devices.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.