Date: 2025-01-21

A cross-site request forgery (CSRF) vulnerability in the Cisco Digital Network Architecture (DNA) Center could open enterprise users to remote attack and takeover.

The flaw, tracked as CVE-2021-1257[*], exists in the web-based management interface of the Cisco DNA Center, which is a centralized network-management and orchestration platform for Cisco DNA. It carries a CVSS vulnerability-severity score of 7.1, making it high-severity.

[...] The web-based management interface used for accessing and using the Cisco DNA Center has insufficient CSRF protections in software versions prior to 2.1.1.0. The patch issued today addresses the problem.

[...] This vulnerability is fixed in Cisco DNA Center Software releases 2.1.1.0, 2.1.2.0, 2.1.2.3 and 2.1.2.4, and later. Cisco credited Benoit Malaboeuf and Dylan Garnaud from Orange for reporting the bug.

[...] The most serious flaw (CVE-2021-1144[**]) afflicted Cisco Connected Mobile Experiences (CMX), a software solution that is utilized by retailers to provide business insights or on-site customer experience analytics. The solution uses the Cisco wireless infrastructure to collect a treasure trove of data from the retailer’s Wi-Fi network, including real-time customer-location tracking. The high-severity issue (8.8 out of 10 on the CVSS vulnerability-severity scale) could allow an authenticated attacker to impersonate any user on the system.