PT-2020-1378 · Cisco · Cisco Smart Software Manager On-Prem

Published

2020-01-22

Updated

2020-01-31

CVE-2019-16029

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cisco Smart Software Manager On-Prem (affected versions not specified)

Description A vulnerability in the API of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information, resulting in a denial of service (DoS) condition of the web interface. The issue is due to the lack of input validation in the API. An attacker could exploit this by sending a crafted HTTP request to an affected device, potentially changing or corrupting user account information, which could grant the attacker administrator access or prevent legitimate user access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2020-00327

CVE-2019-16029

Affected Products

Cisco Smart Software Manager On-Prem

PT-2020-1378 · Cisco · Cisco Smart Software Manager On-Prem

CVE-2019-16029

Weakness Enumeration

Related Identifiers

Affected Products

References · 4