← Back

CVE-2022-20939

nvd nist
Published: Nov 15, 2024Modified: Jul 31, 2025

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: psirt@cisco.com (Secondary)

Description

A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to inadequate protection of sensitive user information. An attacker could exploit this vulnerability by accessing certain logs on an affected system. A successful exploit could allow the attacker to use the obtained information to elevate privileges to System Admin.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Affected (2)

Cisco
2 products
Smart Software Manager On Prem
Smart Software Manager Satellite
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Smart Software Manager On Prem
Before 8-202206
Smart Software Manager Satellite
Up to 6.3.0

Related CWEs

CWE-922
Insecure Storage of Sensitive Information
The product stores sensitive information without properly limiting read or write access by unauthorized actors.

References (2)

Source: psirt@cisco.com
Not Applicable
Source: psirt@cisco.com
Vendor Advisory

Timeline

No history available yet.