CVE-2021-1303

Name of the Vulnerable Software and Affected Versions Cisco DNA Center (affected versions not specified)

Description The issue is related to improper enforcement of actions for assigned user roles in the user management service. This could allow a remote attacker to execute unauthorized commands on an affected device. An attacker could exploit this by authenticating as a user with an Observer role and then executing commands, potentially allowing them to view diagnostic information of managed devices.

Recommendations For all affected versions, consider restricting the privileges of the Observer role to prevent unauthorized command execution until a patch is available. As a temporary workaround, limit the actions that can be performed by users with the Observer role to minimize the risk of exploitation.