[CIVN-2025-0314] Privilege Escalation Vulnerability in CISCO

Published On: November 16, 2025

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Privilege Escalation Vulnerability in CISCO 
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: MEDIUM
Systems Affected
Cisco Catalyst Center
Overview
A vulnerability has been reported in Cisco Catalyst Center that could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials.
Target Audience: 
All IT administrators and individuals responsible for maintaining and updating Cisco Catalyst Center.
Risk Assessment:
High risk of data manipulation and service disruption.
Impact Assessment:
Potential impact on confidentiality, integrity, and availability of the system.
Description
This vulnerability exists due to improper role-based access control (RBAC). An attacker could exploit this vulnerability by logging in to an affected system and modifying certain policy configurations.
Successful exploitation of this vulnerability could allow the attacker to modify policy configurations that are reserved for the Administrator role.
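One way to hunt for the condition described above in audit data, as an added example that is not part of the CERT-In or Cisco advisory: flag policy-configuration writes made by accounts that do not hold the Administrator role. The log schema, role labels, user names and the `/policy/` path are constructed assumptions, not Catalyst Center's actual audit format.

```python
import json

# Constructed sample data: field names, paths and role labels are assumptions
# for illustration, not Catalyst Center's real audit-log schema.
ROLE_OF = {"alice": "administrator", "bob": "read-only"}
SAMPLE_LOG = """\
{"ts": "2025-11-16T09:00:01Z", "user": "alice", "method": "PUT", "resource": "/policy/access/12", "status": 200}
{"ts": "2025-11-16T09:02:10Z", "user": "bob", "method": "GET", "resource": "/policy/access/12", "status": 200}
{"ts": "2025-11-16T09:03:44Z", "user": "bob", "method": "PUT", "resource": "/policy/access/12", "status": 200}
{"ts": "2025-11-16T09:04:02Z", "user": "bob", "method": "DELETE", "resource": "/policy/access/13", "status": 403}
{"ts": "2025-11-16T09:05:30Z", "user": "carol", "method": "POST", "resource": "/policy/access", "status": 201}
not-json garbage line
"""
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
POLICY_PREFIX = "/policy/"  # hypothetical prefix for policy configuration


def classify(event, role_of):
    """Return a finding label for one audit event, or None if it is expected."""
    if event.get("method") not in WRITE_METHODS:
        return None
    if not str(event.get("resource", "")).startswith(POLICY_PREFIX):
        return None
    role = role_of.get(event.get("user"))
    if role == "administrator":
        return None
    succeeded = 200 <= int(event.get("status", 0)) < 300
    if role is None:  # account missing from the role inventory
        return "unknown-account-write" if succeeded else None
    # Non-administrator role: a successful write means RBAC did not hold.
    return "rbac-bypass" if succeeded else "denied-write-attempt"


def scan(log_text, role_of):
    """Parse JSON-lines audit text; return (findings, unparsable_line_count)."""
    findings, bad = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
            label = classify(event, role_of)
        except (ValueError, TypeError, AttributeError):  # malformed record
            bad += 1
            continue
        if label:
            findings.append((label, event.get("user"), event.get("ts"), event.get("resource")))
    return findings, bad
```

Calling `scan(SAMPLE_LOG, ROLE_OF)` returns the findings list and the count of lines that could not be parsed; a non-zero count is worth checking, since dropped records hide activity.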
Solution
Apply the appropriate updates as mentioned in the Cisco advisory:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-privesc-catc-rYjReeLU
Vendor Information
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-privesc-catc-rYjReeLU
References
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-privesc-catc-rYjReeLU
CVE Name
CVE-2025-20346
- --
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
