4.3

CVE-2022-20939

EPSS 0.22%
Veröffentlicht 15.11.2024 16:15:24
Zuletzt bearbeitet 31.07.2025 15:37:48
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system.
This vulnerability is due to inadequate protection of sensitive user information. An attacker could exploit this vulnerability by accessing certain logs on an affected system. A successful exploit could allow the attacker to use the obtained information to elevate privileges to System Admin.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Smart Software Manager On-prem Version < 8-202206

Cisco ≫ Smart Software Manager Satellite Version <= 6.3.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.44

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU

Not Applicable

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-20939

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-20939

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-20939

EUVD