ID

VAR-202008-0811


CVE

CVE-2020-3443


TITLE

Cisco Smart Software Manager On-Prem Vulnerability regarding lack of authentication in

Trust: 0.8

sources: JVNDB: JVNDB-2020-010306

DESCRIPTION

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges. The vulnerability is due to insufficient authorization of the System Operator role capabilities. An attacker could exploit this vulnerability by logging in with the System Operator role, performing a series of actions, and then assuming a new higher privileged role. A successful exploit could allow the attacker to perform all actions associated with the privilege of the assumed role. If that role is an administrative role, the attacker would gain full access to the device. (DoS) It may be put into a state. Cisco Smart Software Manager On-Prem (SSM On-Prem) is a Cisco product license management component for Cisco products. A permission and access control issue vulnerability exists in Cisco SSM On-Prem.

Trust: 1.71

sources: NVD: CVE-2020-3443 // JVNDB: JVNDB-2020-010306 // VULHUB: VHN-181568

AFFECTED PRODUCTS

vendor: cisco, model: smart software manager on-prem, scope: eq, version: 8-202004

Trust: 1.0

vendor: cisco, model: smart software manager on-prem, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-010306 // NVD: CVE-2020-3443

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3443
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3443
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-010306
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202008-959
value: HIGH

Trust: 0.6

VULHUB: VHN-181568
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3443
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-010306
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181568
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3443
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-010306
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181568 // JVNDB: JVNDB-2020-010306 // CNNVD: CNNVD-202008-959 // NVD: CVE-2020-3443 // NVD: CVE-2020-3443

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.9

problemtype:CWE-264

Trust: 1.0

sources: VULHUB: VHN-181568 // JVNDB: JVNDB-2020-010306 // NVD: CVE-2020-3443

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-959

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202008-959

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-010306

PATCH

title: cisco-sa-smart-priv-esca-nqwxXWBu
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smart-priv-esca-nqwxXWBu

Trust: 0.8

title: Cisco Smart Software Manager On-Prem Fixes for permissions and access control issues vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126755

Trust: 0.6

sources: JVNDB: JVNDB-2020-010306 // CNNVD: CNNVD-202008-959

EXTERNAL IDS

db: NVD, id: CVE-2020-3443

Trust: 2.5

db: JVNDB, id: JVNDB-2020-010306

Trust: 0.8

db: CNNVD, id: CNNVD-202008-959

Trust: 0.7

db: AUSCERT, id: ESB-2020.2853

Trust: 0.6

db: VULHUB, id: VHN-181568

Trust: 0.1

sources: VULHUB: VHN-181568 // JVNDB: JVNDB-2020-010306 // CNNVD: CNNVD-202008-959 // NVD: CVE-2020-3443

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smart-priv-esca-nqwxxwbu

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-3443

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3443

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.2853/

Trust: 0.6

sources: VULHUB: VHN-181568 // JVNDB: JVNDB-2020-010306 // CNNVD: CNNVD-202008-959 // NVD: CVE-2020-3443

SOURCES

db: VULHUB, id: VHN-181568
db: JVNDB, id: JVNDB-2020-010306
db: CNNVD, id: CNNVD-202008-959
db: NVD, id: CVE-2020-3443

LAST UPDATE DATE

2024-08-14T14:50:35.222000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181568, date: 2020-09-02T00:00:00
db: JVNDB, id: JVNDB-2020-010306, date: 2021-01-06T05:44:23
db: CNNVD, id: CNNVD-202008-959, date: 2020-09-03T00:00:00
db: NVD, id: CVE-2020-3443, date: 2023-11-07T03:22:43.513

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181568, date: 2020-08-26T00:00:00
db: JVNDB, id: JVNDB-2020-010306, date: 2021-01-06T05:44:23
db: CNNVD, id: CNNVD-202008-959, date: 2020-08-19T00:00:00
db: NVD, id: CVE-2020-3443, date: 2020-08-26T17:15:13.583