ID

VAR-202202-1102


CVE

CVE-2022-20680


TITLE

Cisco Prime Service Catalog Vulnerability in privilege management in

Trust: 0.8

sources: JVNDB: JVNDB-2022-004918

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper enforcement of Administrator privilege levels for low-value sensitive data. An attacker with read-only Administrator access to the web-based management interface could exploit this vulnerability by sending a malicious HTTP request to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information about users of the system and orders that have been placed using the application.

Trust: 1.8

sources: NVD: CVE-2022-20680 // JVNDB: JVNDB-2022-004918 // VULHUB: VHN-405233 // VULMON: CVE-2022-20680

AFFECTED PRODUCTS

vendor: cisco, model: prime service catalog, scope: eq, version: 12.1

Trust: 1.0

vendor: cisco, model: prime service catalog, scope: lte, version: 12.0

Trust: 1.0

vendor: Cisco Systems, model: cisco prime service catalog, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco prime service catalog, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-004918 // NVD: CVE-2022-20680

CVSS

SEVERITY

nvd@nist.gov: CVE-2022-20680
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20680
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20680
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202202-118
value: MEDIUM

Trust: 0.6

VULHUB: VHN-405233
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-20680
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2022-20680
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-405233
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2022-20680
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20680
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-20680
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405233 // VULMON: CVE-2022-20680 // JVNDB: JVNDB-2022-004918 // CNNVD: CNNVD-202202-118 // NVD: CVE-2022-20680 // NVD: CVE-2022-20680

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: CWE-200

Trust: 1.0

problemtype: Improper authority management (CWE-269) [NVD evaluation]

Trust: 0.8

problemtype: CWE-269

Trust: 0.1

sources: VULHUB: VHN-405233 // JVNDB: JVNDB-2022-004918 // NVD: CVE-2022-20680

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-118

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-118

PATCH

title: cisco-sa-cpsc-info-disc-zkJBDJ9F, url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpsc-info-disc-zkJBDJ9F

Trust: 0.8

title: Cisco Prime Service Catalog Repair measures for information disclosure vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=182665

Trust: 0.6

title: Cisco: Cisco Prime Service Catalog Information Disclosure Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-cpsc-info-disc-zkJBDJ9F

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-20680 // JVNDB: JVNDB-2022-004918 // CNNVD: CNNVD-202202-118

EXTERNAL IDS

db: NVD, id: CVE-2022-20680

Trust: 3.4

db: JVNDB, id: JVNDB-2022-004918

Trust: 0.8

db: CS-HELP, id: SB2022020208

Trust: 0.6

db: CNNVD, id: CNNVD-202202-118

Trust: 0.6

db: VULHUB, id: VHN-405233

Trust: 0.1

db: VULMON, id: CVE-2022-20680

Trust: 0.1

sources: VULHUB: VHN-405233 // VULMON: CVE-2022-20680 // JVNDB: JVNDB-2022-004918 // CNNVD: CNNVD-202202-118 // NVD: CVE-2022-20680

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cpsc-info-disc-zkjbdj9f

Trust: 1.9

url: https://nvd.nist.gov/vuln/detail/cve-2022-20680

Trust: 0.8

url: https://www.cybersecurity-help.cz/vdb/sb2022020208

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405233 // VULMON: CVE-2022-20680 // JVNDB: JVNDB-2022-004918 // CNNVD: CNNVD-202202-118 // NVD: CVE-2022-20680

SOURCES

db: VULHUB, id: VHN-405233
db: VULMON, id: CVE-2022-20680
db: JVNDB, id: JVNDB-2022-004918
db: CNNVD, id: CNNVD-202202-118
db: NVD, id: CVE-2022-20680

LAST UPDATE DATE

2024-11-23T22:44:04.145000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405233, date: 2022-02-17T00:00:00
db: VULMON, id: CVE-2022-20680, date: 2023-11-07T00:00:00
db: JVNDB, id: JVNDB-2022-004918, date: 2023-05-11T07:09:00
db: CNNVD, id: CNNVD-202202-118, date: 2023-07-25T00:00:00
db: NVD, id: CVE-2022-20680, date: 2024-11-21T06:43:18.450

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405233, date: 2022-02-10T00:00:00
db: VULMON, id: CVE-2022-20680, date: 2022-02-10T00:00:00
db: JVNDB, id: JVNDB-2022-004918, date: 2023-05-11T00:00:00
db: CNNVD, id: CNNVD-202202-118, date: 2022-02-02T00:00:00
db: NVD, id: CVE-2022-20680, date: 2022-02-10T18:15:08.927