| Summary | A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections, which could allow the attacker to intercept traffic between SSH clients and a Cisco Catalyst Center appliance. A successful exploit could allow the attacker to impersonate the affected appliance, inject commands into the terminal session, and steal valid user credentials. |
|---|---|
| Publication Date | Sept. 26, 2024, 2:15 a.m. |
| Registration Date | Sept. 26, 2024, 5 a.m. |
| Last Update | Sept. 26, 2024, 10:32 p.m. |
| Title | シスコシステムズの Cisco Catalyst Center におけるハードコードされた暗号鍵の使用に関する脆弱性 |
|---|---|
| Summary | シスコシステムズの Cisco Catalyst Center には、ハードコードされた暗号鍵の使用に関する脆弱性が存在します。 |
| Possible impacts | 情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Sept. 25, 2024, midnight |
| Registration Date | Aug. 1, 2025, 10:26 a.m. |
| Last Update | Aug. 1, 2025, 10:26 a.m. |
| シスコシステムズ |
| Cisco Catalyst Center 1.0.0 |
| Cisco Catalyst Center 1.4.0.0 |
| Cisco Catalyst Center 2.1.1.0 |
| Cisco Catalyst Center 2.1.1.3 |
| Cisco Catalyst Center 2.1.2.0 |
| Cisco Catalyst Center 2.1.2.3 |
| Cisco Catalyst Center 2.1.2.4 |
| Cisco Catalyst Center 2.1.2.5 |
| Cisco Catalyst Center 2.1.2.6 |
| Cisco Catalyst Center 2.1.2.7 |
| Cisco Catalyst Center 2.1.2.8 |
| Cisco Catalyst Center 2.2.1.0 |
| Cisco Catalyst Center 2.2.1.3 |
| Cisco Catalyst Center 2.2.2.0 |
| Cisco Catalyst Center 2.2.2.1 |
| Cisco Catalyst Center 2.2.2.3 |
| Cisco Catalyst Center 2.2.2.4 |
| Cisco Catalyst Center 2.2.2.5 |
| Cisco Catalyst Center 2.2.2.6 |
| Cisco Catalyst Center 2.2.2.7 |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2025年08月01日] 掲載 | Aug. 1, 2025, 8:48 a.m. |