
[CIVN-2025-0313] Privilege Escalation Vulnerability in CISCO
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Cisco Catalyst Center Virtual Appliance on VMware ESXi
Overview
A vulnerability has been reported in Cisco Catalyst Center Virtual Appliance that could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system.
Target Audience:
All IT administrators and individuals responsible for maintaining and updating Cisco Catalyst Center Virtual Appliance.
Risk Assessment:
High risk of data manipulation and service disruption.
Impact Assessment:
Potential impact on confidentiality, integrity, and availability of the system.
Description
This vulnerability exists due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system.
Successful exploitation of this vulnerability could allow the attacker to perform unauthorized modifications to the system, including creating new user accounts or elevating their own privileges on an affected system.
Solution
Apply the appropriate updates as mentioned in the Cisco advisory:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-priv-esc-VS8EeCuX
Vendor Information
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-priv-esc-VS8EeCuX
References
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-priv-esc-VS8EeCuX
CVE Name
CVE-2025-20341
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


