CVE-2020-3158

EPSS 2.52%
Veröffentlicht 19.02.2020 20:15:15
Zuletzt bearbeitet 21.11.2024 05:30:26
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to obtain read and write access to system data, including the configuration of an affected device. The attacker would gain access to a sensitive portion of the system, but the attacker would not have full administrative rights to control the device.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Smart Software Manager On-prem Version < 7-202001

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.52%	0.85

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	8.8	8.6	9.2	AV:N/AC:M/Au:N/C:C/I:C/A:N
psirt@cisco.com	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-on-prem-static-cred-sL8rDs8

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-3158

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-3158

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-3158

EUVD