PT-2020-1707 · Cisco · Cisco Smart Software Manager On-Prem

Published: 2020-02-19 · Updated: 2020-02-28 · CVE-2020-3158

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Smart Software Manager On-Prem (affected versions not specified)

Description

A vulnerability in the High Availability service could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The issue is due to a system account having a default and static password, which is not under the control of the system administrator. An attacker could exploit this by using the default account to connect to the affected system, potentially gaining read and write access to system data, including device configuration. However, the attacker would not have full administrative rights.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

BDU:2020-00940
CVE-2020-3158

Affected Products

Cisco Smart Software Manager On-Prem