PT-2020-2965 · Cisco · Cisco Smart Software Manager On-Prem

Published: 2020-06-17 · Updated: 2020-06-23 · CVE-2020-3245

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Smart Software Manager On-Prem (SSM On-Prem) (affected versions not specified)

Description

A vulnerability in the web application of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to create arbitrary user accounts due to the lack of authorization controls. An attacker could exploit this by sending a crafted HTTP request to an affected device, potentially adding user accounts to the configuration of the device. These accounts would not have administrator or operator privileges.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Access Control
Missing Authorization

Related Identifiers

BDU:2020-03122
CVE-2020-3245

Affected Products

Cisco Smart Software Manager On-Prem