Admin security vulnerability threatens Cisco Catalyst Center
Security updates close several vulnerabilities in Cisco's network control center Catalyst Center.
Attackers can gain administrator privileges by successfully exploiting a security vulnerability in Cisco's Catalyst Center. The developers have now closed this and other vulnerabilities. So far, there are no reports of attacks. However, this could change quickly.
Various Dangers
Admins manage networks with Catalyst Center. Because attacks at such a point are very damaging, the software should be updated promptly. The most dangerous vulnerability is considered to be CVE-2025-20341 (“high”), through which remote attackers can escalate to admin. However, this only works if they are already authenticated as at least an observer.
Once this hurdle is overcome, they can launch attacks with crafted HTTP requests. Because of insufficient checks, these requests are processed, and errors occur. Subsequently, attackers can create new accounts. In a security advisory, the developers state that only Catalyst Center from version 2.3.7.3-VA is affected. Previous versions and 3.1 are not threatened. Version 2.3.7.10-VA contains a security patch.
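As an added example (not code from Cisco or heise), the version boundaries the article gives for CVE-2025-20341 can be turned into a triage check over an appliance inventory. The host names, the status labels, and the handling of releases the article does not mention as "check advisory" are assumptions; the comparison is numeric because, compared as strings, "2.3.7.9-VA" sorts after "2.3.7.10-VA" and would look patched.

```python
import re

# Boundaries as stated in the article for CVE-2025-20341.
FIRST_AFFECTED = (2, 3, 7, 3)   # 2.3.7.3-VA
FIRST_FIXED = (2, 3, 7, 10)     # 2.3.7.10-VA
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)(-VA)?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return (numeric tuple, is_virtual_appliance); raise ValueError if malformed."""
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    return numbers, match.group(2) is not None


def classify(text):
    """Classify one release string against the range the article reports."""
    try:
        numbers, is_va = parse_version(text)
    except ValueError:
        return "unparseable"
    if numbers[:2] == (3, 1):
        return "not affected"      # article: 3.1 is not threatened
    if not is_va:
        return "check advisory"    # assumption: the article only names -VA releases
    if numbers < FIRST_AFFECTED:
        return "not affected"      # article: previous versions are not threatened
    if numbers < FIRST_FIXED:
        return "affected"
    if numbers[:3] == (2, 3, 7):
        return "patched"           # assumption: later 2.3.7.x-VA builds keep the fix
    return "check advisory"        # release trains the article does not mention


def triage(inventory):
    """Map each host in a {host: version} inventory to a status label."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory; host names are hypothetical.
SAMPLE_INVENTORY = {
    "catc-lab": "2.3.7.9-VA", "catc-prod": "2.3.7.10-VA",
    "catc-old": "2.3.5.6-VA", "catc-new": "3.1",
    "catc-hw": "2.3.7.6", "catc-bad": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```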
The remaining software vulnerabilities (CVE-2025-20341, CVE-2025-20349, CVE-2025-20353, CVE-2025-20355, CVE-2025-20346) are classified with the threat level “medium.” If attacks are successful at these points, attackers can, among other things, escalate to root user. However, for this to work, they must already be logged into systems.
Admins can find further information in the linked warning messages from the network equipment manufacturer.
The list of vulnerabilities sorted by threat level in descending order:
- Cisco Catalyst Center Virtual Appliance Privilege Escalation
- Cisco Catalyst Center REST API Command Injection
- Cisco Catalyst Center Cross-Site Scripting
- Cisco Catalyst Center Virtual Appliance HTTP Open Redirect
- Cisco Catalyst Center Privilege Escalation
(des)