CVE-2022-20939

Summary

A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to inadequate protection of sensitive user information. An attacker could exploit this vulnerability by accessing certain logs on an affected system. A successful exploit could allow the attacker to use the obtained information to elevate privileges to System Admin.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Smart Software Manager On-Prem7-202001affected
CiscoCisco Smart Software Manager On-Prem1.1affected
CiscoCisco Smart Software Manager On-Prem6.3.0affected
CiscoCisco Smart Software Manager On-Prem8-202004affected
CiscoCisco Smart Software Manager On-Prem5.1.0 (LD)affected
CiscoCisco Smart Software Manager On-Prem8-202006affected
CiscoCisco Smart Software Manager On-Prem1.2affected
CiscoCisco Smart Software Manager On-Prem1.3affected
CiscoCisco Smart Software Manager On-Prem8-202012affected
CiscoCisco Smart Software Manager On-Prem8-202010affected
CiscoCisco Smart Software Manager On-Prem8-202008affected
CiscoCisco Smart Software Manager On-Prem8-202102affected
CiscoCisco Smart Software Manager On-Prem1.4affected
CiscoCisco Smart Software Manager On-Prem8-202105affected
CiscoCisco Smart Software Manager On-Prem8-202108affected
CiscoCisco Smart Software Manager On-Prem8-202112affected
CiscoCisco Smart Software Manager On-Prem8-202201affected

Weaknesses

  • CWE-922: Insecure Storage of Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References