CVE-2025-20341
BaseFortify
Publication date: 2025-11-13
Last updated on: 2025-11-13
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | catalyst_center_virtual_appliance | 3.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Cisco Catalyst Center Virtual Appliance allows an authenticated remote attacker with at least Observer role credentials to elevate their privileges to Administrator by exploiting insufficient validation of user-supplied input via crafted HTTP requests.
How can this vulnerability impact me? :
An attacker who successfully exploits this vulnerability could perform unauthorized modifications on the affected system, such as creating new user accounts or elevating their own privileges, potentially leading to full administrative control and compromising system integrity, confidentiality, and availability.