API Security Blog

Cisco DNA Center Information Disclosure (cisco-sa-dnac-infodisc-pe7zAbdR)

The version of Cisco DNA Center installed on the remote host is prior to 2.3.3.7 or is 2.3.5.0. It may, therefore, be affected by an information disclosure vulnerability if configured for PnP operation and to push configuration files to other Cisco external devices on the network. Due to improper role-based access control with the integration of PnP, an authenticated, remote attacker may be able to send a query to an internal API allowing the attacker to view sensitive information in clear text, including configuration files.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
