Cisco released a list of 16 security advisories on May 16, including three critical flaws in the Cisco Digital Network Architecture (DNA) Center that rated a 10/10 on the CVSS (Common Vulnerability Scoring System) scale.
The three critical flaws all give attackers elevated privileges that can compromise the entirety of the DNA Center but go about it in very different ways. One involves exploiting a hardcoded admin password, one attacks the Kubernetes port, and the third relies on a specially crafted URL not being normalized before DNA Center resolves a service request. Cisco has released an update to the DNA Center (v 1.1.3) that resolves all three security flaws.
Read more about the three critical flaws in Cisco DNA Center that could allow an attacker to seize complete administrative control on TechRepublic.