PT-2021-5720 · Cisco · Cisco Smart Software Manager On-Prem
Published 2021-10-06 · Updated 2021-10-14 · CVE-2021-34766
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Cisco Smart Software Manager On-Prem (SSM On-Prem) (affected versions not specified)
Description
A vulnerability in the web UI of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. This issue is due to insufficient authorization of the System User and System Operator role capabilities. An attacker could exploit this vulnerability by directly accessing a web resource, potentially allowing them to create, read, update, or delete records and settings in multiple functions without the necessary permissions on the web UI.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Privilege Management
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Smart Software Manager On-Prem