{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T16:19:48.341","vulnerabilities":[{"cve":{"id":"CVE-2023-20055","sourceIdentifier":"psirt@cisco.com","published":"2023-03-23T17:15:14.127","lastModified":"2025-07-23T15:26:38.713","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive information. An attacker could exploit this vulnerability by inspecting the responses from the API. Under certain circumstances, a successful exploit could allow the attacker to access the API with the privileges of a higher-level user account. To successfully exploit this vulnerability, the attacker would need at least valid Observer credentials."},{"lang":"es","value":"Una vulnerabilidad en la API de administración de Cisco DNA Center podría permitir que un atacante remoto autenticado eleve privilegios en el contexto de la interfaz de administración web de un dispositivo afectado. Esta vulnerabilidad se debe a la exposición involuntaria de información confidencial. Un atacante podría explotar esta vulnerabilidad inspeccionando las respuestas de la API. En determinadas circunstancias, una explotación exitosa podría permitir al atacante acceder a la API con los privilegios de una cuenta de usuario de nivel superior. Para explotar esta vulnerabilidad, el atacante necesitaría al menos credenciales de observador válidas."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:catalyst_center:*:*:*:*:*:*:*:*","versionEndExcluding":"2.3.3.6","matchCriteriaId":"1BE4616D-A0C4-4E43-B300-4A689EBC7FA3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:catalyst_center:2.3.4.0:*:*:*:*:*:*:*","matchCriteriaId":"80114D6D-ADCA-48F6-B22E-1D5FBDB9BA68"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-privesc-QFXe74RS","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-privesc-QFXe74RS","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}