=====================================================================
CERT-Renater
Information Note No. 2025/VULN792
_____________________________________________________________________

DATE                 : 13/11/2025

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Cisco Catalyst Center.

=====================================================================
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2025-November-13.

The following PSIRT security advisories (1 High, 4 Medium) were published at 16:00 UTC today.

Table of Contents:

1) Cisco Catalyst Center Virtual Appliance Privilege Escalation Vulnerability - SIR: High
2) Cisco Catalyst Center Cross-Site Scripting Vulnerability - SIR: Medium
3) Cisco Catalyst Center REST API Command Injection Vulnerability - SIR: Medium
4) Cisco Catalyst Center Virtual Appliance HTTP Open Redirect Vulnerability - SIR: Medium
5) Cisco Catalyst Center Privilege Escalation Vulnerability - SIR: Medium

+--------------------------------------------------------------------

1) Cisco Catalyst Center Virtual Appliance Privilege Escalation Vulnerability

CVE-2025-20341
SIR: High
CVSS Score v(3.1): 8.8
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-priv-esc-VS8EeCuX

+--------------------------------------------------------------------

2) Cisco Catalyst Center Cross-Site Scripting Vulnerability

CVE-2025-20353
SIR: Medium
CVSS Score v(3.1): 6.1
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-xss-weXtVZ59

+--------------------------------------------------------------------

3) Cisco Catalyst Center REST API Command Injection Vulnerability

CVE-2025-20349
SIR: Medium
CVSS Score v(3.1): 6.3
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ci-ZWLQVSwT

+--------------------------------------------------------------------

4) Cisco Catalyst Center Virtual Appliance HTTP Open Redirect Vulnerability

CVE-2025-20355
SIR: Medium
CVSS Score v(3.1): 4.7
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-open-redirect-3W5Bk3Je

+--------------------------------------------------------------------

5) Cisco Catalyst Center Privilege Escalation Vulnerability

CVE-2025-20346
SIR: Medium
CVSS Score v(3.1): 4.3
URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-privesc-catc-rYjReeLU

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |  email : cert@support.renater.fr +
=========================================================