Impact
A flaw in Cisco Catalyst Center permits an unauthenticated attacker to send a crafted HTTP request that bypasses input validation. The vulnerability allows reading of arbitrary files from a restricted container, exposing confidential data. The weakness is a form of path traversal, indexed as CWE-22.
Affected Systems
The affected product is Cisco Catalyst Center. The CVE data lists no specific product versions, so all releases of the platform are considered potentially impacted until further vendor guidance is available.
Risk and Exploitability
The CVSS score of 7.5 indicates a high severity risk, while the EPSS score of less than 1% indicates a low probability of exploitation. The vulnerability is not listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog. The attack vector is an unauthenticated remote HTTP request, which means an external attacker with network access to the device could exploit the flaw by sending a specially crafted request to the web interface.