ID

VAR-202002-0719


CVE

CVE-2020-3158


TITLE

Cisco Smart Software Manager On-Prem Vulnerability in using hard-coded credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2020-002271

DESCRIPTION

A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to obtain read and write access to system data, including the configuration of an affected device. The attacker would gain access to a sensitive portion of the system, but the attacker would not have full administrative rights to control the device

Trust: 1.71

sources: NVD: CVE-2020-3158 // JVNDB: JVNDB-2020-002271 // VULHUB: VHN-181283

AFFECTED PRODUCTS

vendor:ciscomodel:smart software manager on-premscope:ltversion:7-202001

Trust: 1.0

vendor:ciscomodel:smart software manager on-premscope: - version: -

Trust: 0.8

vendor:ciscomodel:smart software manager on-premscope:eqversion: -

Trust: 0.6

vendor:ciscomodel:smart software manager on-premscope:eqversion:7-201910

Trust: 0.6

sources: JVNDB: JVNDB-2020-002271 // CNNVD: CNNVD-202002-985 // NVD: CVE-2020-3158

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3158
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3158
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-002271
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202002-985
value: CRITICAL

Trust: 0.6

VULHUB: VHN-181283
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3158
severity: HIGH
baseScore: 8.8
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002271
severity: HIGH
baseScore: 8.8
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181283
severity: HIGH
baseScore: 8.8
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3158
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3158
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-002271
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181283 // JVNDB: JVNDB-2020-002271 // CNNVD: CNNVD-202002-985 // NVD: CVE-2020-3158 // NVD: CVE-2020-3158

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-181283 // JVNDB: JVNDB-2020-002271 // NVD: CVE-2020-3158

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-985

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202002-985

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002271

PATCH

title:cisco-sa-on-prem-static-cred-sL8rDs8url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-on-prem-static-cred-sL8rDs8

Trust: 0.8

title:Cisco Smart Software Manager On-Prem Repair measures for trust management problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110548

Trust: 0.6

sources: JVNDB: JVNDB-2020-002271 // CNNVD: CNNVD-202002-985

EXTERNAL IDS

db:NVDid:CVE-2020-3158

Trust: 2.5

db:JVNDBid:JVNDB-2020-002271

Trust: 0.8

db:CNNVDid:CNNVD-202002-985

Trust: 0.7

db:AUSCERTid:ESB-2020.0605

Trust: 0.6

db:VULHUBid:VHN-181283

Trust: 0.1

sources: VULHUB: VHN-181283 // JVNDB: JVNDB-2020-002271 // CNNVD: CNNVD-202002-985 // NVD: CVE-2020-3158

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-on-prem-static-cred-sl8rds8

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3158

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3158

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0605/

Trust: 0.6

sources: VULHUB: VHN-181283 // JVNDB: JVNDB-2020-002271 // CNNVD: CNNVD-202002-985 // NVD: CVE-2020-3158

SOURCES

db:VULHUBid:VHN-181283
db:JVNDBid:JVNDB-2020-002271
db:CNNVDid:CNNVD-202002-985
db:NVDid:CVE-2020-3158

LAST UPDATE DATE

2024-11-23T22:37:32.574000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-181283date:2020-02-28T00:00:00
db:JVNDBid:JVNDB-2020-002271date:2020-03-10T00:00:00
db:CNNVDid:CNNVD-202002-985date:2020-02-28T00:00:00
db:NVDid:CVE-2020-3158date:2024-11-21T05:30:26.837

SOURCES RELEASE DATE

db:VULHUBid:VHN-181283date:2020-02-19T00:00:00
db:JVNDBid:JVNDB-2020-002271date:2020-03-10T00:00:00
db:CNNVDid:CNNVD-202002-985date:2020-02-19T00:00:00
db:NVDid:CVE-2020-3158date:2020-02-19T20:15:15.393