{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-20939", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2021-11-02T13:28:29.193Z", "datePublished": "2024-11-15T15:25:32.612Z", "dateUpdated": "2024-11-15T15:35:52.949Z"}, "containers": {"cna": {"title": "Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system.\r\nThis vulnerability is due to inadequate protection of sensitive user information. An attacker could exploit this vulnerability by accessing certain logs on an affected system. A successful exploit could allow the attacker to use the obtained information to elevate privileges to System Admin.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv", "name": "cisco-sa-cssm-priv-esc-SEjz69dv"}, {"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU", "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU"}], "exploits": [{"lang": "en", "value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-cssm-priv-esc-SEjz69dv", "discovery": "EXTERNAL", "defects": ["CSCwb98281"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Insecure Storage of Sensitive Information", "type": "cwe", "cweId": "CWE-922"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Smart Software Manager On-Prem", "versions": [{"version": "7-202001", "status": "affected"}, {"version": "1.1", "status": "affected"}, {"version": "6.3.0", "status": "affected"}, {"version": "8-202004", "status": "affected"}, {"version": "5.1.0 (LD)", "status": "affected"}, {"version": "8-202006", "status": "affected"}, {"version": "1.2", "status": "affected"}, {"version": "1.3", "status": "affected"}, {"version": "8-202012", "status": "affected"}, {"version": "8-202010", "status": "affected"}, {"version": "8-202008", "status": "affected"}, {"version": "8-202102", "status": "affected"}, {"version": "1.4", "status": "affected"}, {"version": "8-202105", "status": "affected"}, {"version": "8-202108", "status": "affected"}, {"version": "8-202112", "status": "affected"}, {"version": "8-202201", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-11-15T15:25:32.612Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-15T15:35:35.843732Z", "id": "CVE-2022-20939", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T15:35:52.949Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-20939", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-15T15:35:35.843732Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T15:35:40.041Z"}}], "cna": {"title": "Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability", "source": {"defects": ["CSCwb98281"], "advisory": "cisco-sa-cssm-priv-esc-SEjz69dv", "discovery": "EXTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Smart Software Manager On-Prem", "versions": [{"status": "affected", "version": "7-202001"}, {"status": "affected", "version": "1.1"}, {"status": "affected", "version": "6.3.0"}, {"status": "affected", "version": "8-202004"}, {"status": "affected", "version": "5.1.0 (LD)"}, {"status": "affected", "version": "8-202006"}, {"status": "affected", "version": "1.2"}, {"status": "affected", "version": "1.3"}, {"status": "affected", "version": "8-202012"}, {"status": "affected", "version": "8-202010"}, {"status": "affected", "version": "8-202008"}, {"status": "affected", "version": "8-202102"}, {"status": "affected", "version": "1.4"}, {"status": "affected", "version": "8-202105"}, {"status": "affected", "version": "8-202108"}, {"status": "affected", "version": "8-202112"}, {"status": "affected", "version": "8-202201"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv", "name": "cisco-sa-cssm-priv-esc-SEjz69dv"}, {"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU", "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system.\r\nThis vulnerability is due to inadequate protection of sensitive user information. An attacker could exploit this vulnerability by accessing certain logs on an affected system. A successful exploit could allow the attacker to use the obtained information to elevate privileges to System Admin.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-922", "description": "Insecure Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-11-15T15:25:32.612Z"}}}, "cveMetadata": {"cveId": "CVE-2022-20939", "state": "PUBLISHED", "dateUpdated": "2024-11-15T15:35:52.949Z", "dateReserved": "2021-11-02T13:28:29.193Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2024-11-15T15:25:32.612Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system.\r\nThis vulnerability is due to inadequate protection of sensitive user information. An attacker could exploit this vulnerability by accessing certain logs on an affected system. A successful exploit could allow the attacker to use the obtained information to elevate privileges to System Admin.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Smart Software Manager On-Prem podr\u00eda permitir que un atacante remoto autenticado eleve los privilegios en un sistema afectado. Esta vulnerabilidad se debe a una protecci\u00f3n inadecuada de la informaci\u00f3n confidencial del usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad accediendo a determinados registros de un sistema afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante use la informaci\u00f3n obtenida para elevar los privilegios a Administrador del sistema. Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad."}], "id": "CVE-2022-20939", "lastModified": "2024-11-18T17:11:56.587", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "ykramarz@cisco.com", "type": "Primary"}]}, "published": "2024-11-15T16:15:24.200", "references": [{"source": "ykramarz@cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU"}, {"source": "ykramarz@cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-922"}], "source": "ykramarz@cisco.com", "type": "Primary"}]}

{}