ID

VAR-202002-0719


CVE

CVE-2020-3158


TITLE

Cisco Smart Software Manager On-Prem Vulnerability in using hard-coded credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2020-002271

DESCRIPTION

A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to obtain read and write access to system data, including the configuration of an affected device. The attacker would gain access to a sensitive portion of the system, but the attacker would not have full administrative rights to control the device.

Trust: 1.71

sources: NVD: CVE-2020-3158 // JVNDB: JVNDB-2020-002271 // VULHUB: VHN-181283

AFFECTED PRODUCTS

vendor: cisco, model: smart software manager on-prem, scope: lt, version: 7-202001

Trust: 1.0

vendor: cisco, model: smart software manager on-prem, scope: -, version: -

Trust: 0.8

vendor: cisco, model: smart software manager on-prem, scope: eq, version: -

Trust: 0.6

vendor: cisco, model: smart software manager on-prem, scope: eq, version: 7-201910

Trust: 0.6

sources: JVNDB: JVNDB-2020-002271 // CNNVD: CNNVD-202002-985 // NVD: CVE-2020-3158

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3158
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3158
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-002271
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202002-985
value: CRITICAL

Trust: 0.6

VULHUB: VHN-181283
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3158
severity: HIGH
baseScore: 8.8
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002271
severity: HIGH
baseScore: 8.8
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181283
severity: HIGH
baseScore: 8.8
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3158
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3158
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-002271
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181283 // JVNDB: JVNDB-2020-002271 // CNNVD: CNNVD-202002-985 // NVD: CVE-2020-3158 // NVD: CVE-2020-3158

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-181283 // JVNDB: JVNDB-2020-002271 // NVD: CVE-2020-3158

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-985

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202002-985

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002271

PATCH

title: cisco-sa-on-prem-static-cred-sL8rDs8, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-on-prem-static-cred-sL8rDs8

Trust: 0.8

title: Cisco Smart Software Manager On-Prem Repair measures for trust management problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110548

Trust: 0.6

sources: JVNDB: JVNDB-2020-002271 // CNNVD: CNNVD-202002-985

EXTERNAL IDS

db: NVD, id: CVE-2020-3158

Trust: 2.5

db: JVNDB, id: JVNDB-2020-002271

Trust: 0.8

db: CNNVD, id: CNNVD-202002-985

Trust: 0.7

db: AUSCERT, id: ESB-2020.0605

Trust: 0.6

db: VULHUB, id: VHN-181283

Trust: 0.1

sources: VULHUB: VHN-181283 // JVNDB: JVNDB-2020-002271 // CNNVD: CNNVD-202002-985 // NVD: CVE-2020-3158

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-on-prem-static-cred-sl8rds8

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3158

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3158

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0605/

Trust: 0.6

sources: VULHUB: VHN-181283 // JVNDB: JVNDB-2020-002271 // CNNVD: CNNVD-202002-985 // NVD: CVE-2020-3158

SOURCES

db: VULHUB, id: VHN-181283
db: JVNDB, id: JVNDB-2020-002271
db: CNNVD, id: CNNVD-202002-985
db: NVD, id: CVE-2020-3158

LAST UPDATE DATE

2024-08-14T15:43:24.807000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181283, date: 2020-02-28T00:00:00
db: JVNDB, id: JVNDB-2020-002271, date: 2020-03-10T00:00:00
db: CNNVD, id: CNNVD-202002-985, date: 2020-02-28T00:00:00
db: NVD, id: CVE-2020-3158, date: 2020-02-28T00:47:58.737

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181283, date: 2020-02-19T00:00:00
db: JVNDB, id: JVNDB-2020-002271, date: 2020-03-10T00:00:00
db: CNNVD, id: CNNVD-202002-985, date: 2020-02-19T00:00:00
db: NVD, id: CVE-2020-3158, date: 2020-02-19T20:15:15.393