Cisco Smart Software Manager Privilege Escalation Vulnerability
CVE-2021-34766

5.4MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Smart Software Manager On-prem
Vendor: CVE Published:; 6 October 2021

Badges

👾 Exploit Exists

Summary

A vulnerability in the web UI of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. This vulnerability is due to insufficient authorization of the System User and System Operator role capabilities. An attacker could exploit this vulnerability by directly accessing a web resource. A successful exploit could allow the attacker to create, read, update, or delete records and settings in multiple functions without the necessary permissions on the web UI.

Affected Version(s)

Cisco Smart Software Manager On-Prem

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
Oct 6, 2021
Vulnerability Reserved
Jun 15, 2021