ID

VAR-202207-0259


CVE

CVE-2022-20808


TITLE

Resource exhaustion vulnerability in Cisco Smart Software Manager On-Prem

Trust: 0.8

sources: JVNDB: JVNDB-2022-016236

DESCRIPTION

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect handling of multiple simultaneous device registrations on Cisco SSM On-Prem. An attacker could exploit this vulnerability by sending multiple device registration requests to Cisco SSM On-Prem. A successful exploit could allow the attacker to cause a DoS condition on an affected device. The software eliminates cumbersome product activation key (PAK) and license file management, removes the locking of a license node to a single device, and allows a license to be used on any compatible device.

Trust: 1.8

sources: NVD: CVE-2022-20808 // JVNDB: JVNDB-2022-016236 // VULHUB: VHN-405361 // VULMON: CVE-2022-20808

AFFECTED PRODUCTS

vendor: cisco, model: smart software manager on-prem, scope: gte, version: 8

Trust: 1.0

vendor: cisco, model: smart software manager on-prem, scope: lt, version: 8-202112

Trust: 1.0

vendor: Cisco Systems, model: cisco smart software manager on-prem, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco smart software manager on-prem, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-016236 // NVD: CVE-2022-20808

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20808
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20808
value: HIGH

Trust: 1.0

NVD: CVE-2022-20808
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202207-523
value: MEDIUM

Trust: 0.6

VULHUB: VHN-405361
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-20808
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-20808
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-405361
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20808
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20808
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-20808
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405361 // VULMON: CVE-2022-20808 // JVNDB: JVNDB-2022-016236 // CNNVD: CNNVD-202207-523 // NVD: CVE-2022-20808 // NVD: CVE-2022-20808

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:Resource exhaustion (CWE-400) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-405361 // JVNDB: JVNDB-2022-016236 // NVD: CVE-2022-20808

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-523

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202207-523

PATCH

title: cisco-sa-onprem-privesc-tP6uNZOS, url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-privesc-tP6uNZOS

Trust: 0.8

title: Cisco Smart Software Manager On-Prem and Cisco Smart Software Manager Remediation of resource management error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200024

Trust: 0.6

title: Cisco: Cisco Smart Software Manager On-Prem Denial of Service Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-onprem-privesc-tP6uNZOS

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-20808 // JVNDB: JVNDB-2022-016236 // CNNVD: CNNVD-202207-523

EXTERNAL IDS

db: NVD, id: CVE-2022-20808

Trust: 3.4

db: JVNDB, id: JVNDB-2022-016236

Trust: 0.8

db: CNNVD, id: CNNVD-202207-523

Trust: 0.7

db: CS-HELP, id: SB2022070702

Trust: 0.6

db: AUSCERT, id: ESB-2022.3301

Trust: 0.6

db: CNVD, id: CNVD-2022-50629

Trust: 0.1

db: VULHUB, id: VHN-405361

Trust: 0.1

db: VULMON, id: CVE-2022-20808

Trust: 0.1

sources: VULHUB: VHN-405361 // VULMON: CVE-2022-20808 // JVNDB: JVNDB-2022-016236 // CNNVD: CNNVD-202207-523 // NVD: CVE-2022-20808

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-onprem-privesc-tp6unzos

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-20808

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-20808/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022070702

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3301

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405361 // VULMON: CVE-2022-20808 // JVNDB: JVNDB-2022-016236 // CNNVD: CNNVD-202207-523 // NVD: CVE-2022-20808

SOURCES

db: VULHUB, id: VHN-405361
db: VULMON, id: CVE-2022-20808
db: JVNDB, id: JVNDB-2022-016236
db: CNNVD, id: CNNVD-202207-523
db: NVD, id: CVE-2022-20808

LAST UPDATE DATE

2024-08-14T13:22:03.629000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405361, date: 2022-07-14T00:00:00
db: VULMON, id: CVE-2022-20808, date: 2023-11-07T00:00:00
db: JVNDB, id: JVNDB-2022-016236, date: 2023-10-03T06:05:00
db: CNNVD, id: CNNVD-202207-523, date: 2022-07-15T00:00:00
db: NVD, id: CVE-2022-20808, date: 2023-11-07T03:43:00.557

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405361, date: 2022-07-06T00:00:00
db: VULMON, id: CVE-2022-20808, date: 2022-07-06T00:00:00
db: JVNDB, id: JVNDB-2022-016236, date: 2023-10-03T00:00:00
db: CNNVD, id: CNNVD-202207-523, date: 2022-07-06T00:00:00
db: NVD, id: CVE-2022-20808, date: 2022-07-06T21:15:11.593