Cisco Catalyst Center Vulnerability Let Attackers Escalate Priveleges
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
A serious security flaw in Cisco Catalyst Center Virtual Appliance has been discovered that allows attackers with low-level access to gain full administrator control over affected systems.<\/p>\n
The vulnerability, tracked as CVE-2025-20341, impacts virtual appliances running on VMware ESXi and carries a high severity rating with a CVSS score of 8.8.<\/p>\n
This flaw poses a major risk to organizations using these systems for network management<\/a> and monitoring.<\/p>\n The vulnerability stems from poor input validation within the system. When users submit data through web requests, the software fails to properly check and verify the information.<\/p>\n This oversight creates an opportunity for attackers to send specially designed HTTP requests that trick the system into granting them higher privileges.<\/p>\n The attack can be carried out remotely over the network, making it particularly dangerous for exposed systems.<\/p>\n What makes this vulnerability concerning is that an attacker only needs basic access credentials to exploit it.<\/p>\n Someone with Observer role permissions, which are typically given to users who need to view system information, can use this flaw to elevate their privileges<\/a> to Administrator level.<\/p>\n Once they gain administrator access, attackers can create new user accounts, modify system settings, and perform other unauthorized actions that compromise the security of the entire network infrastructure.<\/p>\n Cisco security researchers identified<\/a> this vulnerability during work on a support case with the Technical Assistance Center.<\/p>\n The company has confirmed that no public exploits have been observed yet, which gives organizations a window to patch their systems before widespread attacks begin.<\/p>\n The vulnerability affects Cisco Catalyst Center Virtual Appliance versions 2.3.7.3-VA and later releases.<\/p>\n The security flaw is rooted in insufficient validation mechanisms that process user-supplied input through HTTP requests.<\/p>\n When the system receives these crafted requests, it fails to properly sanitize the data before processing privilege escalation operations.<\/p>\n Cisco has released version 2.3.7.10-VA as the fixed release that addresses this security issue. Organizations running affected versions should upgrade immediately to this patched version.<\/p>\nTechnical Details and Mitigation<\/strong><\/h2>\n