[CIVN-2025-0316] REST API Command Injection Vulnerability in CISCO

Published On: November 16, 2025

REST API Command Injection Vulnerability in CISCO 
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: MEDIUM
Systems Affected
Cisco Catalyst Center
Overview
A vulnerability has been reported in the REST API of Cisco Catalyst Center that could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user.
Target Audience: 
All IT administrators and individuals responsible for maintaining and updating Cisco Catalyst Center.
Risk Assessment:
High risk of data manipulation and service disruption.
Impact Assessment:
Potential impact on confidentiality, integrity, and availability of the system.
Description
This vulnerability exists due to insufficient validation of user-supplied input in REST API request parameters. An attacker could exploit this vulnerability by sending a crafted API request to an affected device.
Successful exploitation of this vulnerability could allow the attacker to inject arbitrary commands that would then be executed in a restricted container with root privileges.
Solution
Apply the appropriate updates as mentioned in the Cisco advisory:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ci-ZWLQVSwT
Vendor Information
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ci-ZWLQVSwT
References
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ci-ZWLQVSwT
CVE Name
CVE-2025-20349
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003