The version of Cisco DNA Center installed on the remote host is prior to 2.3.3.6 or is 2.3.4.x. It is, therefore, affected by a privilege escalation vulnerability. Due to unintended exposure of sensitive information in the web-based management interface, an authenticated remote attacker can inspect responses from the API to access the API with the privileges of a higher-level user account.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.Read More