CVE-2019-1841

Name of the Vulnerable Software and Affected Versions Cisco DNA Center versions prior to 1.2.5

Description A vulnerability in the Software Image Management feature could allow an authenticated, remote attacker to access internal services without additional authentication. This issue is due to insufficient validation of user-supplied input. An attacker could exploit this by sending arbitrary HTTP requests to internal services, potentially bypassing firewalls or other protections to access unauthorized internal services.

Recommendations For versions prior to 1.2.5, update to version 1.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to internal services until a patch is applied. Avoid using the Software Image Management feature until the issue is resolved.