Cisco Smart Software Manager On-Prem Vulnerability
CVE-2022-20939

4.3MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Smart Software Manager On-prem
Vendor: CVE Published:; 15 November 2024

Summary

A vulnerability exists in the web-based management interface of Cisco Smart Software Manager On-Prem that may enable an authenticated, remote attacker to elevate their privileges on an affected system. This issue arises from insufficient safeguards surrounding sensitive user data. By exploiting this vulnerability, an attacker can gain access to specific logs on the system and utilize the gathered information to escalate privileges to the System Admin level. Cisco has issued software updates to address this vulnerability, and no workarounds are available.

Affected Version(s)

Cisco Smart Software Manager On-Prem 7-202001

Cisco Smart Software Manager On-Prem 1.1

Cisco Smart Software Manager On-Prem 6.3.0

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 15, 2024
Vulnerability Reserved
Nov 2, 2021