ID

VAR-202008-0811


CVE

CVE-2020-3443


TITLE

Cisco Smart Software Manager On-Prem Vulnerability regarding lack of authentication in

Trust: 0.8

sources: JVNDB: JVNDB-2020-010306

DESCRIPTION

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges. The vulnerability is due to insufficient authorization of the System Operator role capabilities. An attacker could exploit this vulnerability by logging in with the System Operator role, performing a series of actions, and then assuming a new higher privileged role. A successful exploit could allow the attacker to perform all actions associated with the privilege of the assumed role. If that role is an administrative role, the attacker would gain full access to the device. (DoS) It may be put into a state. Opera Software Opera is a web browser produced by Norway Opera Software Company, which supports multi-window browsing, custom user interface and other functions. Cisco Smart Software Manager On-Prem (SSM On-Prem) is a Cisco product license management component for Cisco products. A permission and access control issue vulnerability exists in Cisco SSM On-Prem

Trust: 1.71

sources: NVD: CVE-2020-3443 // JVNDB: JVNDB-2020-010306 // VULHUB: VHN-181568

AFFECTED PRODUCTS

vendor:ciscomodel:smart software manager on-premscope:eqversion:8-202004

Trust: 1.0

vendor:ciscomodel:smart software manager on-premscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-010306 // NVD: CVE-2020-3443

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3443
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3443
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-010306
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202008-959
value: HIGH

Trust: 0.6

VULHUB: VHN-181568
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3443
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-010306
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181568
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3443
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-010306
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181568 // JVNDB: JVNDB-2020-010306 // CNNVD: CNNVD-202008-959 // NVD: CVE-2020-3443 // NVD: CVE-2020-3443

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.9

problemtype:CWE-264

Trust: 1.0

sources: VULHUB: VHN-181568 // JVNDB: JVNDB-2020-010306 // NVD: CVE-2020-3443

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-959

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202008-959

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-010306

PATCH

title:cisco-sa-smart-priv-esca-nqwxXWBuurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smart-priv-esca-nqwxXWBu

Trust: 0.8

title:Cisco Smart Software Manager On-Prem Fixes for permissions and access control issues vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126755

Trust: 0.6

sources: JVNDB: JVNDB-2020-010306 // CNNVD: CNNVD-202008-959

EXTERNAL IDS

db:NVDid:CVE-2020-3443

Trust: 2.5

db:JVNDBid:JVNDB-2020-010306

Trust: 0.8

db:CNNVDid:CNNVD-202008-959

Trust: 0.7

db:AUSCERTid:ESB-2020.2853

Trust: 0.6

db:VULHUBid:VHN-181568

Trust: 0.1

sources: VULHUB: VHN-181568 // JVNDB: JVNDB-2020-010306 // CNNVD: CNNVD-202008-959 // NVD: CVE-2020-3443

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smart-priv-esca-nqwxxwbu

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-3443

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3443

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.2853/

Trust: 0.6

sources: VULHUB: VHN-181568 // JVNDB: JVNDB-2020-010306 // CNNVD: CNNVD-202008-959 // NVD: CVE-2020-3443

SOURCES

db:VULHUBid:VHN-181568
db:JVNDBid:JVNDB-2020-010306
db:CNNVDid:CNNVD-202008-959
db:NVDid:CVE-2020-3443

LAST UPDATE DATE

2024-11-23T23:07:54.211000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-181568date:2020-09-02T00:00:00
db:JVNDBid:JVNDB-2020-010306date:2021-01-06T05:44:23
db:CNNVDid:CNNVD-202008-959date:2020-09-03T00:00:00
db:NVDid:CVE-2020-3443date:2024-11-21T05:31:04.710

SOURCES RELEASE DATE

db:VULHUBid:VHN-181568date:2020-08-26T00:00:00
db:JVNDBid:JVNDB-2020-010306date:2021-01-06T05:44:23
db:CNNVDid:CNNVD-202008-959date:2020-08-19T00:00:00
db:NVDid:CVE-2020-3443date:2020-08-26T17:15:13.583