A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user's session, and executing Command Runner commands.
                
            Metrics
Affected Vendors & Products
References
        History
                    Wed, 23 Jul 2025 15:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Cisco catalyst Center | |
| CPEs | cpe:2.3:a:cisco:catalyst_center:*:*:*:*:*:*:*:* | |
| Vendors & Products | Cisco dna Center | Cisco catalyst Center | 
Sun, 13 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | epss 
 | epss 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: cisco
Published: 2021-01-20T19:57:55.577116Z
Updated: 2024-11-12T20:22:10.641Z
Reserved: 2020-11-13T00:00:00
Link: CVE-2021-1257
 Vulnrichment
                        Vulnrichment
                    No data.
 NVD
                        NVD
                    Status : Modified
Published: 2021-01-20T20:15:14.207
Modified: 2025-07-23T15:26:38.713
Link: CVE-2021-1257
 Redhat
                        Redhat
                    No data.