The version of Cisco DNA Center installed on the remote host is prior to 2.3.3.5. It is, therefore, affected by an information disclosure vulnerability. Due to improper authorization of API requests, a remote attacker with low privileges can send a specific API request to an affected device to read information from a restricted container that would normally only be accessible to high-privileged users.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.Read More