Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
12 vulnerabilities found for Smart Software Manager On-Prem by Cisco
CERTFR-2026-AVI-0388
Vulnerability from certfr_avis - Published: 2026-04-02 - Updated: 2026-04-02
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Integrated Management Controller (IMC) | Cisco NFVIS versions antérieures à 4.18.3 sur Cisco Catalyst 8300 Series Edge uCPE | ||
| Cisco | Integrated Management Controller (IMC) | Cisco IMC versions antérieures à 4.3(2.260007) sur UCS C-Series M5 Rack Server | ||
| Cisco | Integrated Management Controller (IMC) | Cisco IMC versions antérieures à 3.2.17 sur UCS E-Series M3 | ||
| Cisco | Integrated Management Controller (IMC) | Cisco IMC versions antérieures à 4.3(2.260007) (M5), 4.3(6.260017) (M6) et 6.0(1.250174) (M6) sur Secure Network Server Appliances | ||
| Cisco | Integrated Management Controller (IMC) | Cisco IMC versions 6.x antérieures à 6.0(1.250174) sur UCS C-Series M6 Rack Server | ||
| Cisco | Integrated Management Controller (IMC) | Cisco IMC versions antérieures à 4.3(2.260007) (M5) et 4.3(6.260017) (M6) sur Secure Endpoint Private Cloud Appliances | ||
| Cisco | Smart Software Manager On-Prem | Smart Software Manager On-Prem (SSM On-Prem) versions antérieures à 9-202601 | ||
| Cisco | Integrated Management Controller (IMC) | Cisco IMC versions antérieures à 4.3(2.260007) (M5) et 4.3(6.260017) (M6) sur Secure Malware Analytics Appliances | ||
| Cisco | Integrated Management Controller (IMC) | Cisco IMC versions antérieures à 4.3(2.260007) (M5) et 4.3(6.260017) (M6) sur Secure Firewall Management Center Appliances | ||
| Cisco | Integrated Management Controller (IMC) | Cisco IMC versions antérieures à 4.3(6.260017) (M6) sur IEC6400 Edge Compute Appliances | ||
| Cisco | Integrated Management Controller (IMC) | Cisco IMC versions antérieures à 4.15.3 sur UCS E-Series M6 | ||
| Cisco | Integrated Management Controller (IMC) | Cisco NFVIS versions antérieures à 4.15.5 sur Cisco 5000 Series ENCS | ||
| Cisco | Integrated Management Controller (IMC) | Cisco IMC versions antérieures à 6.0(1.250192) (M6) sur Cisco Telemetry Broker Appliances | ||
| Cisco | Integrated Management Controller (IMC) | Cisco IMC versions antérieures à 4.3(2.260007) (M5) et 6.0(1.250192) (M6) sur Secure Network Analytics Appliances | ||
| Cisco | Integrated Management Controller (IMC) | Cisco IMC versions antérieures à 4.3(6.260017) sur UCS C-Series M6 Rack Server | ||
| Cisco | Evolved Programmable Network Manager (EPNM) | Evolved Programmable Network Manager (EPNM) versions antérieures à 8.1.2 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco NFVIS versions ant\u00e9rieures \u00e0 4.18.3 sur Cisco Catalyst 8300 Series Edge uCPE",
"product": {
"name": "Integrated Management Controller (IMC)",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IMC versions ant\u00e9rieures \u00e0 4.3(2.260007) sur UCS C-Series M5 Rack Server ",
"product": {
"name": "Integrated Management Controller (IMC)",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IMC versions ant\u00e9rieures \u00e0 3.2.17 sur UCS E-Series M3",
"product": {
"name": "Integrated Management Controller (IMC)",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IMC versions ant\u00e9rieures \u00e0 4.3(2.260007) (M5), 4.3(6.260017) (M6) et 6.0(1.250174) (M6) sur Secure Network Server Appliances",
"product": {
"name": "Integrated Management Controller (IMC)",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IMC versions 6.x ant\u00e9rieures \u00e0 6.0(1.250174) sur UCS C-Series M6 Rack Server ",
"product": {
"name": "Integrated Management Controller (IMC)",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IMC versions ant\u00e9rieures \u00e0 4.3(2.260007) (M5) et 4.3(6.260017) (M6) sur Secure Endpoint Private Cloud Appliances",
"product": {
"name": "Integrated Management Controller (IMC)",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Smart Software Manager On-Prem (SSM On-Prem) versions ant\u00e9rieures \u00e0 9-202601",
"product": {
"name": "Smart Software Manager On-Prem",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IMC versions ant\u00e9rieures \u00e0 4.3(2.260007) (M5) et 4.3(6.260017) (M6) sur Secure Malware Analytics Appliances",
"product": {
"name": "Integrated Management Controller (IMC)",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IMC versions ant\u00e9rieures \u00e0 4.3(2.260007) (M5) et 4.3(6.260017) (M6) sur Secure Firewall Management Center Appliances",
"product": {
"name": "Integrated Management Controller (IMC)",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IMC versions ant\u00e9rieures \u00e0 4.3(6.260017) (M6) sur IEC6400 Edge Compute Appliances",
"product": {
"name": "Integrated Management Controller (IMC)",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IMC versions ant\u00e9rieures \u00e0 4.15.3 sur UCS E-Series M6",
"product": {
"name": "Integrated Management Controller (IMC)",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NFVIS versions ant\u00e9rieures \u00e0 4.15.5 sur Cisco 5000 Series ENCS",
"product": {
"name": "Integrated Management Controller (IMC)",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IMC versions ant\u00e9rieures \u00e0 6.0(1.250192) (M6) sur Cisco Telemetry Broker Appliances",
"product": {
"name": "Integrated Management Controller (IMC)",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IMC versions ant\u00e9rieures \u00e0 4.3(2.260007) (M5) et 6.0(1.250192) (M6) sur Secure Network Analytics Appliances",
"product": {
"name": "Integrated Management Controller (IMC)",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IMC versions ant\u00e9rieures \u00e0 4.3(6.260017) sur UCS C-Series M6 Rack Server ",
"product": {
"name": "Integrated Management Controller (IMC)",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Evolved Programmable Network Manager (EPNM) versions ant\u00e9rieures \u00e0 8.1.2",
"product": {
"name": "Evolved Programmable Network Manager (EPNM)",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-20094",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20094"
},
{
"name": "CVE-2026-20151",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20151"
},
{
"name": "CVE-2026-20155",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20155"
},
{
"name": "CVE-2026-20096",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20096"
},
{
"name": "CVE-2026-20097",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20097"
},
{
"name": "CVE-2026-20160",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20160"
},
{
"name": "CVE-2026-20095",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20095"
},
{
"name": "CVE-2026-20093",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20093"
}
],
"initial_release_date": "2026-04-02T00:00:00",
"last_revision_date": "2026-04-02T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0388",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": "2026-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ssm-cli-execution-cHUcWuNr",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr"
},
{
"published_at": "2026-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cimc-auth-bypass-AgG2BxTn",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn"
},
{
"published_at": "2026-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cimc-cmd-inj-3hKN3bVt",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt"
},
{
"published_at": "2026-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cssm-priv-esc-xRAnOuO8",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-xRAnOuO8"
},
{
"published_at": "2026-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-epnm-improp-auth-mUwFWUU3",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-improp-auth-mUwFWUU3"
}
]
}
VAR-202210-0343
Vulnerability from variot - Updated: 2025-08-02 23:23A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to inadequate protection of sensitive user information. An attacker could exploit this vulnerability by accessing certain logs on an affected system. A successful exploit could allow the attacker to use the obtained information to elevate privileges to System Admin.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Systems Cisco Smart Software Manager On-Prem and Cisco Smart Software Manager Satellite There is a vulnerability in the insecure storage of important information.Information may be obtained. This advisory is available at the following link:sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0343",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart software manager on-prem",
"scope": "lt",
"trust": 1.6,
"vendor": "cisco",
"version": "8-202206"
},
{
"model": "smart software manager satellite",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.3.0"
},
{
"model": "cisco smart software manager satellite",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": "6.3.0 and earlier"
},
{
"model": "cisco smart software manager on-prem",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-87605"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-026212"
},
{
"db": "NVD",
"id": "CVE-2022-20939"
}
]
},
"cve": "CVE-2022-20939",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2022-87605",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2022-20939",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2022-026212",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "psirt@cisco.com",
"id": "CVE-2022-20939",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2022-026212",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2022-87605",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-180",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-87605"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-026212"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-180"
},
{
"db": "NVD",
"id": "CVE-2022-20939"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco\u0026nbsp;Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. \r\nThis vulnerability is due to inadequate protection of sensitive user information. An attacker could exploit this vulnerability by accessing certain logs on an affected system. A successful exploit could allow the attacker to use the obtained information to elevate privileges to System Admin.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Systems Cisco Smart Software Manager On-Prem and Cisco Smart Software Manager Satellite There is a vulnerability in the insecure storage of important information.Information may be obtained. \nThis advisory is available at the following link:sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-20939"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-026212"
},
{
"db": "CNVD",
"id": "CNVD-2022-87605"
},
{
"db": "VULMON",
"id": "CVE-2022-20939"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-20939",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2022-026212",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-87605",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202210-180",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-20939",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-87605"
},
{
"db": "VULMON",
"id": "CVE-2022-20939"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-026212"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-180"
},
{
"db": "NVD",
"id": "CVE-2022-20939"
}
]
},
"id": "VAR-202210-0343",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-87605"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-87605"
}
]
},
"last_update_date": "2025-08-02T23:23:20.194000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-bw-thinrcpt-xss-gSj4CecU Cisco\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU"
},
{
"title": "Patch for Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/371471"
},
{
"title": "Cisco Smart Software Manager On-Prem Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=209861"
},
{
"title": "Cisco: Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-cssm-priv-esc-SEjz69dv"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-87605"
},
{
"db": "VULMON",
"id": "CVE-2022-20939"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-026212"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-180"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-922",
"trust": 1.0
},
{
"problemtype": "Insecure storage of important information (CWE-922) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-026212"
},
{
"db": "NVD",
"id": "CVE-2022-20939"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cssm-priv-esc-sejz69dv"
},
{
"trust": 1.1,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cssm-priv-esc-sejz69dv"
},
{
"trust": 1.0,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-bw-thinrcpt-xss-gsj4cecu"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20939"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-87605"
},
{
"db": "VULMON",
"id": "CVE-2022-20939"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-026212"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-180"
},
{
"db": "NVD",
"id": "CVE-2022-20939"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-87605"
},
{
"db": "VULMON",
"id": "CVE-2022-20939"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-026212"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-180"
},
{
"db": "NVD",
"id": "CVE-2022-20939"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-87605"
},
{
"date": "2025-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-026212"
},
{
"date": "2022-10-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-180"
},
{
"date": "2024-11-15T16:15:24.200000",
"db": "NVD",
"id": "CVE-2022-20939"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-87605"
},
{
"date": "2025-08-01T02:03:00",
"db": "JVNDB",
"id": "JVNDB-2022-026212"
},
{
"date": "2022-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-180"
},
{
"date": "2025-07-31T15:37:48.667000",
"db": "NVD",
"id": "CVE-2022-20939"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-180"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Systems \u00a0Cisco\u00a0Smart\u00a0Software\u00a0Manager\u00a0On-Prem\u00a0 and \u00a0Cisco\u00a0Smart\u00a0Software\u00a0Manager\u00a0Satellite\u00a0 Vulnerability in insecure storage of critical information in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-026212"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-180"
}
],
"trust": 0.6
}
}
VAR-202008-0811
Vulnerability from variot - Updated: 2024-11-23 23:07A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges. The vulnerability is due to insufficient authorization of the System Operator role capabilities. An attacker could exploit this vulnerability by logging in with the System Operator role, performing a series of actions, and then assuming a new higher privileged role. A successful exploit could allow the attacker to perform all actions associated with the privilege of the assumed role. If that role is an administrative role, the attacker would gain full access to the device. (DoS) It may be put into a state. Opera Software Opera is a web browser produced by Norway Opera Software Company, which supports multi-window browsing, custom user interface and other functions. Cisco Smart Software Manager On-Prem (SSM On-Prem) is a Cisco product license management component for Cisco products. A permission and access control issue vulnerability exists in Cisco SSM On-Prem
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202008-0811",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart software manager on-prem",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8-202004"
},
{
"model": "smart software manager on-prem",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010306"
},
{
"db": "NVD",
"id": "CVE-2020-3443"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:smart_software_manager_on-prem",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010306"
}
]
},
"cve": "CVE-2020-3443",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2020-3443",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-010306",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-181568",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-3443",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-010306",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3443",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3443",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-010306",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202008-959",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-181568",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181568"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010306"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-959"
},
{
"db": "NVD",
"id": "CVE-2020-3443"
},
{
"db": "NVD",
"id": "CVE-2020-3443"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges. The vulnerability is due to insufficient authorization of the System Operator role capabilities. An attacker could exploit this vulnerability by logging in with the System Operator role, performing a series of actions, and then assuming a new higher privileged role. A successful exploit could allow the attacker to perform all actions associated with the privilege of the assumed role. If that role is an administrative role, the attacker would gain full access to the device. (DoS) It may be put into a state. Opera Software Opera is a web browser produced by Norway Opera Software Company, which supports multi-window browsing, custom user interface and other functions. Cisco Smart Software Manager On-Prem (SSM On-Prem) is a Cisco product license management component for Cisco products. A permission and access control issue vulnerability exists in Cisco SSM On-Prem",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3443"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010306"
},
{
"db": "VULHUB",
"id": "VHN-181568"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3443",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010306",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202008-959",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2853",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-181568",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181568"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010306"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-959"
},
{
"db": "NVD",
"id": "CVE-2020-3443"
}
]
},
"id": "VAR-202008-0811",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-181568"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:07:54.211000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-smart-priv-esca-nqwxXWBu",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smart-priv-esca-nqwxXWBu"
},
{
"title": "Cisco Smart Software Manager On-Prem Fixes for permissions and access control issues vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126755"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010306"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-959"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.9
},
{
"problemtype": "CWE-264",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181568"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010306"
},
{
"db": "NVD",
"id": "CVE-2020-3443"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smart-priv-esca-nqwxxwbu"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3443"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3443"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2853/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181568"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010306"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-959"
},
{
"db": "NVD",
"id": "CVE-2020-3443"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-181568"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010306"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-959"
},
{
"db": "NVD",
"id": "CVE-2020-3443"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-26T00:00:00",
"db": "VULHUB",
"id": "VHN-181568"
},
{
"date": "2021-01-06T05:44:23",
"db": "JVNDB",
"id": "JVNDB-2020-010306"
},
{
"date": "2020-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-959"
},
{
"date": "2020-08-26T17:15:13.583000",
"db": "NVD",
"id": "CVE-2020-3443"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-181568"
},
{
"date": "2021-01-06T05:44:23",
"db": "JVNDB",
"id": "JVNDB-2020-010306"
},
{
"date": "2020-09-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-959"
},
{
"date": "2024-11-21T05:31:04.710000",
"db": "NVD",
"id": "CVE-2020-3443"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-959"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Smart Software Manager On-Prem Vulnerability regarding lack of authentication in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010306"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-959"
}
],
"trust": 0.6
}
}
VAR-202002-0719
Vulnerability from variot - Updated: 2024-11-23 22:37A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to obtain read and write access to system data, including the configuration of an affected device. The attacker would gain access to a sensitive portion of the system, but the attacker would not have full administrative rights to control the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0719",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart software manager on-prem",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7-202001"
},
{
"model": "smart software manager on-prem",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "smart software manager on-prem",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "smart software manager on-prem",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7-201910"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002271"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-985"
},
{
"db": "NVD",
"id": "CVE-2020-3158"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:smart_software_manager_on-prem",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002271"
}
]
},
"cve": "CVE-2020-3158",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 8.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-3158",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 8.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-002271",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 8.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-181283",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-3158",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-3158",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-002271",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3158",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3158",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-002271",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-985",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-181283",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181283"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002271"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-985"
},
{
"db": "NVD",
"id": "CVE-2020-3158"
},
{
"db": "NVD",
"id": "CVE-2020-3158"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to obtain read and write access to system data, including the configuration of an affected device. The attacker would gain access to a sensitive portion of the system, but the attacker would not have full administrative rights to control the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3158"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002271"
},
{
"db": "VULHUB",
"id": "VHN-181283"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3158",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002271",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202002-985",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.0605",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-181283",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181283"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002271"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-985"
},
{
"db": "NVD",
"id": "CVE-2020-3158"
}
]
},
"id": "VAR-202002-0719",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-181283"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:37:32.574000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-on-prem-static-cred-sL8rDs8",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-on-prem-static-cred-sL8rDs8"
},
{
"title": "Cisco Smart Software Manager On-Prem Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110548"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002271"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-985"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181283"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002271"
},
{
"db": "NVD",
"id": "CVE-2020-3158"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-on-prem-static-cred-sl8rds8"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3158"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3158"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0605/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181283"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002271"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-985"
},
{
"db": "NVD",
"id": "CVE-2020-3158"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-181283"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002271"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-985"
},
{
"db": "NVD",
"id": "CVE-2020-3158"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-19T00:00:00",
"db": "VULHUB",
"id": "VHN-181283"
},
{
"date": "2020-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002271"
},
{
"date": "2020-02-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-985"
},
{
"date": "2020-02-19T20:15:15.393000",
"db": "NVD",
"id": "CVE-2020-3158"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-28T00:00:00",
"db": "VULHUB",
"id": "VHN-181283"
},
{
"date": "2020-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002271"
},
{
"date": "2020-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-985"
},
{
"date": "2024-11-21T05:30:26.837000",
"db": "NVD",
"id": "CVE-2020-3158"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-985"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Smart Software Manager On-Prem Vulnerability in using hard-coded credentials in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002271"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-985"
}
],
"trust": 0.6
}
}
VAR-202001-0495
Vulnerability from variot - Updated: 2024-11-23 22:25A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. The vulnerability is due to the lack of input validation in the API. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to change or corrupt user account information which could grant the attacker administrator access or prevent legitimate user access to the web interface, resulting in a denial of service (DoS) condition. Cisco Smart Software Manager On-Prem Contains an input validation vulnerability.Information is falsified and denial of service (DoS) May be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0495",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart software manager on-prem",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7-201910"
},
{
"model": "cisco smart software manager on-prem",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "smart software manager on-prem",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014406"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1122"
},
{
"db": "NVD",
"id": "CVE-2019-16029"
}
]
},
"cve": "CVE-2019-16029",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-16029",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-148134",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-16029",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-16029",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-16029",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-16029",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-16029",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-16029",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-1122",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-148134",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-16029",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148134"
},
{
"db": "VULMON",
"id": "CVE-2019-16029"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014406"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1122"
},
{
"db": "NVD",
"id": "CVE-2019-16029"
},
{
"db": "NVD",
"id": "CVE-2019-16029"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. The vulnerability is due to the lack of input validation in the API. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to change or corrupt user account information which could grant the attacker administrator access or prevent legitimate user access to the web interface, resulting in a denial of service (DoS) condition. Cisco Smart Software Manager On-Prem Contains an input validation vulnerability.Information is falsified and denial of service (DoS) May be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-16029"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014406"
},
{
"db": "VULHUB",
"id": "VHN-148134"
},
{
"db": "VULMON",
"id": "CVE-2019-16029"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-16029",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014406",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1122",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.0276",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-148134",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-16029",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148134"
},
{
"db": "VULMON",
"id": "CVE-2019-16029"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014406"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1122"
},
{
"db": "NVD",
"id": "CVE-2019-16029"
}
]
},
"id": "VAR-202001-0495",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-148134"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:25:38.645000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20200122-on-prem-dos",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-on-prem-dos"
},
{
"title": "Cisco Smart Software Manager On-Prem Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110444"
},
{
"title": "Cisco: Cisco Smart Software Manager On-Prem Web Interface Denial of Service Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20200122-on-prem-dos"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-16029"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014406"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1122"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148134"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014406"
},
{
"db": "NVD",
"id": "CVE-2019-16029"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200122-on-prem-dos"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16029"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0276/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174923"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148134"
},
{
"db": "VULMON",
"id": "CVE-2019-16029"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014406"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1122"
},
{
"db": "NVD",
"id": "CVE-2019-16029"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-148134"
},
{
"db": "VULMON",
"id": "CVE-2019-16029"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014406"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1122"
},
{
"db": "NVD",
"id": "CVE-2019-16029"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-26T00:00:00",
"db": "VULHUB",
"id": "VHN-148134"
},
{
"date": "2020-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2019-16029"
},
{
"date": "2020-02-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014406"
},
{
"date": "2020-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-1122"
},
{
"date": "2020-01-26T05:15:17.083000",
"db": "NVD",
"id": "CVE-2019-16029"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-31T00:00:00",
"db": "VULHUB",
"id": "VHN-148134"
},
{
"date": "2020-01-31T00:00:00",
"db": "VULMON",
"id": "CVE-2019-16029"
},
{
"date": "2020-02-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014406"
},
{
"date": "2020-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-1122"
},
{
"date": "2024-11-21T04:29:57.700000",
"db": "NVD",
"id": "CVE-2019-16029"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-1122"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco\u00a0Smart\u00a0Software\u00a0Manager\u00a0On-Prem\u00a0 Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014406"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-1122"
}
],
"trust": 0.6
}
}
VAR-202006-1109
Vulnerability from variot - Updated: 2024-11-23 22:11A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create arbitrary user accounts. The vulnerability is due to the lack of authorization controls in the web application. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to add user accounts to the configuration of an affected device. These accounts would not be administrator or operator accounts
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1109",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart software manager on-prem",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "8-202004"
},
{
"model": "smart software manager on-prem",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006874"
},
{
"db": "NVD",
"id": "CVE-2020-3245"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:smart_software_manager_on-prem",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006874"
}
]
},
"cve": "CVE-2020-3245",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-3245",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-006874",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-181370",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-3245",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-3245",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-006874",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3245",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3245",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-006874",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1142",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-181370",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181370"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006874"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1142"
},
{
"db": "NVD",
"id": "CVE-2020-3245"
},
{
"db": "NVD",
"id": "CVE-2020-3245"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create arbitrary user accounts. The vulnerability is due to the lack of authorization controls in the web application. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to add user accounts to the configuration of an affected device. These accounts would not be administrator or operator accounts",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3245"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006874"
},
{
"db": "VULHUB",
"id": "VHN-181370"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3245",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006874",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1142",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2127",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-34289",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-181370",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181370"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006874"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1142"
},
{
"db": "NVD",
"id": "CVE-2020-3245"
}
]
},
"id": "VAR-202006-1109",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-181370"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:11:27.847000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-on-prem-access-ctrl-fpQRfdpf",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-on-prem-access-ctrl-fpQRfdpf"
},
{
"title": "Cisco Smart Software Manager On-Prem Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121835"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006874"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1142"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.9
},
{
"problemtype": "CWE-284",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181370"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006874"
},
{
"db": "NVD",
"id": "CVE-2020-3245"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-on-prem-access-ctrl-fpqrfdpf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3245"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3245"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2127/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181370"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006874"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1142"
},
{
"db": "NVD",
"id": "CVE-2020-3245"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-181370"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006874"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1142"
},
{
"db": "NVD",
"id": "CVE-2020-3245"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-18T00:00:00",
"db": "VULHUB",
"id": "VHN-181370"
},
{
"date": "2020-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006874"
},
{
"date": "2020-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1142"
},
{
"date": "2020-06-18T03:15:11.760000",
"db": "NVD",
"id": "CVE-2020-3245"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-23T00:00:00",
"db": "VULHUB",
"id": "VHN-181370"
},
{
"date": "2020-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006874"
},
{
"date": "2020-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1142"
},
{
"date": "2024-11-21T05:30:38.840000",
"db": "NVD",
"id": "CVE-2020-3245"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1142"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Smart Software Manager On-Prem Vulnerability regarding lack of authentication in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006874"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1142"
}
],
"trust": 0.6
}
}
VAR-202101-0778
Vulnerability from variot - Updated: 2024-11-23 21:35A vulnerability in the web management interface of Cisco Smart Software Manager satellite could allow an authenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website. The software eliminates cumbersome product activation key (PAK) and license file management, makes the license node no longer locked to the device, and can support the license to be used on any compatible device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0778",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart software manager on-prem",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "cisco smart software manager on-prem",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco smart software manager on-prem",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002789"
},
{
"db": "NVD",
"id": "CVE-2021-1218"
}
]
},
"cve": "CVE-2021-1218",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CVE-2021-1218",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-374272",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2021-1218",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.1,
"id": "CVE-2021-1218",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-1218",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-1218",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2021-1218",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-1218",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-1521",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-374272",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-1218",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-374272"
},
{
"db": "VULMON",
"id": "CVE-2021-1218"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002789"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1521"
},
{
"db": "NVD",
"id": "CVE-2021-1218"
},
{
"db": "NVD",
"id": "CVE-2021-1218"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web management interface of Cisco Smart Software Manager satellite could allow an authenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website. The software eliminates cumbersome product activation key (PAK) and license file management, makes the license node no longer locked to the device, and can support the license to be used on any compatible device",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1218"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002789"
},
{
"db": "VULHUB",
"id": "VHN-374272"
},
{
"db": "VULMON",
"id": "CVE-2021-1218"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-1218",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002789",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.0240",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1521",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-374272",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-1218",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-374272"
},
{
"db": "VULMON",
"id": "CVE-2021-1218"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002789"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1521"
},
{
"db": "NVD",
"id": "CVE-2021-1218"
}
]
},
"id": "VAR-202101-0778",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-374272"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:35:00.041000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-cssmor-MDCWkT2x",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssmor-MDCWkT2x"
},
{
"title": "Cisco Smart Software Manager satelite Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139784"
},
{
"title": "Cisco: Cisco Smart Software Manager Satellite Open Redirect Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-cssmor-MDCWkT2x"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-1218"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002789"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1521"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-601",
"trust": 1.1
},
{
"problemtype": "Open redirect (CWE-601) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-374272"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002789"
},
{
"db": "NVD",
"id": "CVE-2021-1218"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cssmor-mdcwkt2x"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1218"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0240/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/601.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-374272"
},
{
"db": "VULMON",
"id": "CVE-2021-1218"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002789"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1521"
},
{
"db": "NVD",
"id": "CVE-2021-1218"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-374272"
},
{
"db": "VULMON",
"id": "CVE-2021-1218"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002789"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1521"
},
{
"db": "NVD",
"id": "CVE-2021-1218"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-20T00:00:00",
"db": "VULHUB",
"id": "VHN-374272"
},
{
"date": "2021-01-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1218"
},
{
"date": "2021-10-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002789"
},
{
"date": "2021-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-1521"
},
{
"date": "2021-01-20T21:15:11.617000",
"db": "NVD",
"id": "CVE-2021-1218"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-28T00:00:00",
"db": "VULHUB",
"id": "VHN-374272"
},
{
"date": "2021-01-28T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1218"
},
{
"date": "2021-10-01T08:56:00",
"db": "JVNDB",
"id": "JVNDB-2021-002789"
},
{
"date": "2021-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-1521"
},
{
"date": "2024-11-21T05:43:51.283000",
"db": "NVD",
"id": "CVE-2021-1218"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-1521"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco\u00a0Smart\u00a0Software\u00a0Manager\u00a0Satellite\u00a0 Open redirect vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002789"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-1521"
}
],
"trust": 0.6
}
}
VAR-202101-0780
Vulnerability from variot - Updated: 2024-11-23 21:34A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values within SQL queries. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system. The software eliminates cumbersome product activation key (PAK) and license file management, makes the license node no longer locked to the device, and can support the license to be used on any compatible device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0780",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart software manager on-prem",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.1.0"
},
{
"model": "cisco smart software manager on-prem",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco smart software manager on-prem",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002791"
},
{
"db": "NVD",
"id": "CVE-2021-1222"
}
]
},
"cve": "CVE-2021-1222",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-1222",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-374276",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-1222",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2021-1222",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-1222",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-1222",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2021-1222",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-1222",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-1517",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-374276",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-1222",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-374276"
},
{
"db": "VULMON",
"id": "CVE-2021-1222"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002791"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1517"
},
{
"db": "NVD",
"id": "CVE-2021-1222"
},
{
"db": "NVD",
"id": "CVE-2021-1222"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values within SQL queries. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system. The software eliminates cumbersome product activation key (PAK) and license file management, makes the license node no longer locked to the device, and can support the license to be used on any compatible device",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1222"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002791"
},
{
"db": "VULHUB",
"id": "VHN-374276"
},
{
"db": "VULMON",
"id": "CVE-2021-1222"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-1222",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002791",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.0240",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1517",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-374276",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-1222",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-374276"
},
{
"db": "VULMON",
"id": "CVE-2021-1222"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002791"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1517"
},
{
"db": "NVD",
"id": "CVE-2021-1222"
}
]
},
"id": "VAR-202101-0780",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-374276"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:34:59.956000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-cssm-sqi-h5fDvZWp",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-sqi-h5fDvZWp"
},
{
"title": "Cisco Smart Software Manager SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139921"
},
{
"title": "Cisco: Cisco Smart Software Manager Satellite SQL Injection Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-cssm-sqi-h5fDvZWp"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-1222"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002791"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1517"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.1
},
{
"problemtype": "SQL injection (CWE-89) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-374276"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002791"
},
{
"db": "NVD",
"id": "CVE-2021-1222"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cssm-sqi-h5fdvzwp"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1222"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0240/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-374276"
},
{
"db": "VULMON",
"id": "CVE-2021-1222"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002791"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1517"
},
{
"db": "NVD",
"id": "CVE-2021-1222"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-374276"
},
{
"db": "VULMON",
"id": "CVE-2021-1222"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002791"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1517"
},
{
"db": "NVD",
"id": "CVE-2021-1222"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-20T00:00:00",
"db": "VULHUB",
"id": "VHN-374276"
},
{
"date": "2021-01-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1222"
},
{
"date": "2021-10-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002791"
},
{
"date": "2021-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-1517"
},
{
"date": "2021-01-20T21:15:11.770000",
"db": "NVD",
"id": "CVE-2021-1222"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-28T00:00:00",
"db": "VULHUB",
"id": "VHN-374276"
},
{
"date": "2021-01-28T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1222"
},
{
"date": "2021-10-01T08:56:00",
"db": "JVNDB",
"id": "JVNDB-2021-002791"
},
{
"date": "2021-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-1517"
},
{
"date": "2024-11-21T05:43:51.810000",
"db": "NVD",
"id": "CVE-2021-1222"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-1517"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco\u00a0Smart\u00a0Software\u00a0Manager\u00a0Satellite\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002791"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-1517"
}
],
"trust": 0.6
}
}
VAR-202101-0779
Vulnerability from variot - Updated: 2024-11-23 21:34A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by gaining access to the static credential that is stored on the local device. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks. The software eliminates cumbersome product activation key (PAK) and license file management, makes the license node no longer locked to the device, and can support the license to be used on any compatible device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0779",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart software manager on-prem",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.1.0"
},
{
"model": "cisco smart software manager on-prem",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco smart software manager on-prem",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002790"
},
{
"db": "NVD",
"id": "CVE-2021-1219"
}
]
},
"cve": "CVE-2021-1219",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2021-1219",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-374273",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-1219",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-1219",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-1219",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2021-1219",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-1219",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-1519",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-374273",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-1219",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-374273"
},
{
"db": "VULMON",
"id": "CVE-2021-1219"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002790"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1519"
},
{
"db": "NVD",
"id": "CVE-2021-1219"
},
{
"db": "NVD",
"id": "CVE-2021-1219"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by gaining access to the static credential that is stored on the local device. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks. The software eliminates cumbersome product activation key (PAK) and license file management, makes the license node no longer locked to the device, and can support the license to be used on any compatible device",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1219"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002790"
},
{
"db": "VULHUB",
"id": "VHN-374273"
},
{
"db": "VULMON",
"id": "CVE-2021-1219"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-1219",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002790",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.0240",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1519",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-374273",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-1219",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-374273"
},
{
"db": "VULMON",
"id": "CVE-2021-1219"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002790"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1519"
},
{
"db": "NVD",
"id": "CVE-2021-1219"
}
]
},
"id": "VAR-202101-0779",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-374273"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:34:59.929000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-cssm-sc-Jd42D4Tq",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-sc-Jd42D4Tq"
},
{
"title": "Cisco Smart Software Manager Satellite Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139783"
},
{
"title": "Cisco: Cisco Smart Software Manager Satellite Static Credential Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-cssm-sc-Jd42D4Tq"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-1219"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002790"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1519"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
},
{
"problemtype": "Using hardcoded credentials (CWE-798) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-374273"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002790"
},
{
"db": "NVD",
"id": "CVE-2021-1219"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cssm-sc-jd42d4tq"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1219"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0240/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195331"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-374273"
},
{
"db": "VULMON",
"id": "CVE-2021-1219"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002790"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1519"
},
{
"db": "NVD",
"id": "CVE-2021-1219"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-374273"
},
{
"db": "VULMON",
"id": "CVE-2021-1219"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002790"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1519"
},
{
"db": "NVD",
"id": "CVE-2021-1219"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-20T00:00:00",
"db": "VULHUB",
"id": "VHN-374273"
},
{
"date": "2021-01-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1219"
},
{
"date": "2021-10-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002790"
},
{
"date": "2021-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-1519"
},
{
"date": "2021-01-20T21:15:11.693000",
"db": "NVD",
"id": "CVE-2021-1219"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-28T00:00:00",
"db": "VULHUB",
"id": "VHN-374273"
},
{
"date": "2021-01-28T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1219"
},
{
"date": "2021-10-01T08:56:00",
"db": "JVNDB",
"id": "JVNDB-2021-002790"
},
{
"date": "2021-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-1519"
},
{
"date": "2024-11-21T05:43:51.410000",
"db": "NVD",
"id": "CVE-2021-1219"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-1519"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco\u00a0Smart\u00a0Software\u00a0Manager\u00a0Satellite\u00a0 Vulnerability in Using Hard Coded Credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002790"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-1519"
}
],
"trust": 0.6
}
}
VAR-202110-0212
Vulnerability from variot - Updated: 2024-08-14 15:37A vulnerability in the web UI of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. This vulnerability is due to insufficient authorization of the System User and System Operator role capabilities. An attacker could exploit this vulnerability by directly accessing a web resource. A successful exploit could allow the attacker to create, read, update, or delete records and settings in multiple functions without the necessary permissions on the web UI
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-0212",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart software manager on-prem",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "8-202108"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34766"
}
]
},
"cve": "CVE-2021-34766",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-34766",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-395008",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-34766",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2021-34766",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-34766",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2021-34766",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202110-308",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-395008",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-34766",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395008"
},
{
"db": "VULMON",
"id": "CVE-2021-34766"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-308"
},
{
"db": "NVD",
"id": "CVE-2021-34766"
},
{
"db": "NVD",
"id": "CVE-2021-34766"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web UI of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. This vulnerability is due to insufficient authorization of the System User and System Operator role capabilities. An attacker could exploit this vulnerability by directly accessing a web resource. A successful exploit could allow the attacker to create, read, update, or delete records and settings in multiple functions without the necessary permissions on the web UI",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34766"
},
{
"db": "VULHUB",
"id": "VHN-395008"
},
{
"db": "VULMON",
"id": "CVE-2021-34766"
}
],
"trust": 1.08
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-34766",
"trust": 1.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.3320",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021100704",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202110-308",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-395008",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-34766",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395008"
},
{
"db": "VULMON",
"id": "CVE-2021-34766"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-308"
},
{
"db": "NVD",
"id": "CVE-2021-34766"
}
]
},
"id": "VAR-202110-0212",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-395008"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:37:53.299000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco Smart Software Manager Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166504"
},
{
"title": "Cisco: Cisco Smart Software Manager Privilege Escalation Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-ssm-priv-esc-5g35cdDJ"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-34766"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-308"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395008"
},
{
"db": "NVD",
"id": "CVE-2021-34766"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ssm-priv-esc-5g35cddj"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3320"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34766"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021100704"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/269.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395008"
},
{
"db": "VULMON",
"id": "CVE-2021-34766"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-308"
},
{
"db": "NVD",
"id": "CVE-2021-34766"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-395008"
},
{
"db": "VULMON",
"id": "CVE-2021-34766"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-308"
},
{
"db": "NVD",
"id": "CVE-2021-34766"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-395008"
},
{
"date": "2021-10-06T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34766"
},
{
"date": "2021-10-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-308"
},
{
"date": "2021-10-06T20:15:13.287000",
"db": "NVD",
"id": "CVE-2021-34766"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-14T00:00:00",
"db": "VULHUB",
"id": "VHN-395008"
},
{
"date": "2021-10-14T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34766"
},
{
"date": "2021-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-308"
},
{
"date": "2023-11-07T03:36:20.810000",
"db": "NVD",
"id": "CVE-2021-34766"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-308"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Smart Software Manager Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-308"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-308"
}
],
"trust": 0.6
}
}
VAR-202207-0259
Vulnerability from variot - Updated: 2024-08-14 13:22A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect handling of multiple simultaneous device registrations on Cisco SSM On-Prem. An attacker could exploit this vulnerability by sending multiple device registration requests to Cisco SSM On-Prem. A successful exploit could allow the attacker to cause a DoS condition on an affected device. The software eliminates cumbersome product activation key (PAK) and license file management, makes the license node no longer locked to the device, and can support the license to be used on any compatible device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0259",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart software manager on-prem",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "8"
},
{
"model": "smart software manager on-prem",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "8-202112"
},
{
"model": "cisco smart software manager on-prem",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco smart software manager on-prem",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016236"
},
{
"db": "NVD",
"id": "CVE-2022-20808"
}
]
},
"cve": "CVE-2022-20808",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2022-20808",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-405361",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2022-20808",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.1,
"id": "CVE-2022-20808",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-20808",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-20808",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2022-20808",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-20808",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-523",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-405361",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-20808",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405361"
},
{
"db": "VULMON",
"id": "CVE-2022-20808"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016236"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-523"
},
{
"db": "NVD",
"id": "CVE-2022-20808"
},
{
"db": "NVD",
"id": "CVE-2022-20808"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect handling of multiple simultaneous device registrations on Cisco SSM On-Prem. An attacker could exploit this vulnerability by sending multiple device registration requests to Cisco SSM On-Prem. A successful exploit could allow the attacker to cause a DoS condition on an affected device. The software eliminates cumbersome product activation key (PAK) and license file management, makes the license node no longer locked to the device, and can support the license to be used on any compatible device",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-20808"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016236"
},
{
"db": "VULHUB",
"id": "VHN-405361"
},
{
"db": "VULMON",
"id": "CVE-2022-20808"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-20808",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016236",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-523",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022070702",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3301",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-50629",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-405361",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-20808",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405361"
},
{
"db": "VULMON",
"id": "CVE-2022-20808"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016236"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-523"
},
{
"db": "NVD",
"id": "CVE-2022-20808"
}
]
},
"id": "VAR-202207-0259",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-405361"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:22:03.629000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-onprem-privesc-tP6uNZOS",
"trust": 0.8,
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-privesc-tP6uNZOS"
},
{
"title": "Cisco Smart Software Manager On-Prem and Cisco Smart Software Manager Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200024"
},
{
"title": "Cisco: Cisco Smart Software Manager On-Prem Denial of Service Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-onprem-privesc-tP6uNZOS"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-20808"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016236"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-523"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "Resource exhaustion (CWE-400) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405361"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016236"
},
{
"db": "NVD",
"id": "CVE-2022-20808"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-onprem-privesc-tp6unzos"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20808"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-20808/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070702"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3301"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405361"
},
{
"db": "VULMON",
"id": "CVE-2022-20808"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016236"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-523"
},
{
"db": "NVD",
"id": "CVE-2022-20808"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-405361"
},
{
"db": "VULMON",
"id": "CVE-2022-20808"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016236"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-523"
},
{
"db": "NVD",
"id": "CVE-2022-20808"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-06T00:00:00",
"db": "VULHUB",
"id": "VHN-405361"
},
{
"date": "2022-07-06T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20808"
},
{
"date": "2023-10-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-016236"
},
{
"date": "2022-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-523"
},
{
"date": "2022-07-06T21:15:11.593000",
"db": "NVD",
"id": "CVE-2022-20808"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-14T00:00:00",
"db": "VULHUB",
"id": "VHN-405361"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20808"
},
{
"date": "2023-10-03T06:05:00",
"db": "JVNDB",
"id": "JVNDB-2022-016236"
},
{
"date": "2022-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-523"
},
{
"date": "2023-11-07T03:43:00.557000",
"db": "NVD",
"id": "CVE-2022-20808"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-523"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco\u00a0Smart\u00a0Software\u00a0Manager\u00a0On-Prem\u00a0 Resource exhaustion vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016236"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-523"
}
],
"trust": 0.6
}
}
VAR-202305-1931
Vulnerability from variot - Updated: 2023-05-30 00:31A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to read sensitive data on the underlying database
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-1931",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart software manager on-prem",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "8-202303"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-20110"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:smart_software_manager_on-prem:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8-202303",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-20110"
}
]
},
"cve": "CVE-2023-20110",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-20110",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-20110",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202305-1736",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-20110"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-1736"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to read sensitive data on the underlying database",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-20110"
},
{
"db": "VULMON",
"id": "CVE-2023-20110"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-20110",
"trust": 1.7
},
{
"db": "AUSCERT",
"id": "ESB-2023.2893",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202305-1736",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-20110",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-20110"
},
{
"db": "NVD",
"id": "CVE-2023-20110"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-1736"
}
]
},
"id": "VAR-202305-1931",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2023-05-30T00:31:34.530000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco Smart Software Manager On-Prem SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=239232"
},
{
"title": "Cisco: Cisco Smart Software Manager On-Prem SQL Injection Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-ssm-sql-x9mmjsyh"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-20110"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-1736"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-20110"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ssm-sql-x9mmjsyh"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-20110/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.2893"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-20110"
},
{
"db": "NVD",
"id": "CVE-2023-20110"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-1736"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-20110"
},
{
"db": "NVD",
"id": "CVE-2023-20110"
},
{
"db": "CNNVD",
"id": "CNNVD-202305-1736"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-18T00:00:00",
"db": "VULMON",
"id": "CVE-2023-20110"
},
{
"date": "2023-05-18T03:15:00",
"db": "NVD",
"id": "CVE-2023-20110"
},
{
"date": "2023-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-1736"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-18T00:00:00",
"db": "VULMON",
"id": "CVE-2023-20110"
},
{
"date": "2023-05-26T19:11:00",
"db": "NVD",
"id": "CVE-2023-20110"
},
{
"date": "2023-05-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202305-1736"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-1736"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Smart Software Manager On-Prem SQL Injection vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-1736"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202305-1736"
}
],
"trust": 0.6
}
}