Details of VAR-202207-0259

ID

VAR-202207-0259

CVE

CVE-2022-20808

TITLE

Cisco Smart Software Manager On-Prem Resource exhaustion vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-016236

DESCRIPTION

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect handling of multiple simultaneous device registrations on Cisco SSM On-Prem. An attacker could exploit this vulnerability by sending multiple device registration requests to Cisco SSM On-Prem. A successful exploit could allow the attacker to cause a DoS condition on an affected device. The software eliminates cumbersome product activation key (PAK) and license file management, makes the license node no longer locked to the device, and can support the license to be used on any compatible device

Trust: 1.8

sources: NVD: CVE-2022-20808 // JVNDB: JVNDB-2022-016236 // VULHUB: VHN-405361 // VULMON: CVE-2022-20808

AFFECTED PRODUCTS

vendor:	cisco	model:	smart software manager on-prem	scope:	gte	version:	8	Trust: 1.0
vendor:	cisco	model:	smart software manager on-prem	scope:	lt	version:	8-202112	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco smart software manager on-prem	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco smart software manager on-prem	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-016236 // NVD: CVE-2022-20808

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20808
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20808
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-20808
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202207-523
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-405361
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-20808
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-20808
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-405361
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-20808
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20808
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.1
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2022-20808
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-405361 // VULMON: CVE-2022-20808 // JVNDB: JVNDB-2022-016236 // CNNVD: CNNVD-202207-523 // NVD: CVE-2022-20808 // NVD: CVE-2022-20808

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.1
problemtype:	Resource exhaustion (CWE-400) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-405361 // JVNDB: JVNDB-2022-016236 // NVD: CVE-2022-20808

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-523

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202207-523

PATCH

title:	cisco-sa-onprem-privesc-tP6uNZOS	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-privesc-tP6uNZOS	Trust: 0.8
title:	Cisco Smart Software Manager On-Prem and Cisco Smart Software Manager Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200024	Trust: 0.6
title:	Cisco: Cisco Smart Software Manager On-Prem Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-onprem-privesc-tP6uNZOS	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-20808 // JVNDB: JVNDB-2022-016236 // CNNVD: CNNVD-202207-523

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20808	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-016236	Trust: 0.8
db:	CNNVD	id:	CNNVD-202207-523	Trust: 0.7
db:	CS-HELP	id:	SB2022070702	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3301	Trust: 0.6
db:	CNVD	id:	CNVD-2022-50629	Trust: 0.1
db:	VULHUB	id:	VHN-405361	Trust: 0.1
db:	VULMON	id:	CVE-2022-20808	Trust: 0.1

sources: VULHUB: VHN-405361 // VULMON: CVE-2022-20808 // JVNDB: JVNDB-2022-016236 // CNNVD: CNNVD-202207-523 // NVD: CVE-2022-20808

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-onprem-privesc-tp6unzos	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20808	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-20808/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022070702	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3301	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/400.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-405361 // VULMON: CVE-2022-20808 // JVNDB: JVNDB-2022-016236 // CNNVD: CNNVD-202207-523 // NVD: CVE-2022-20808

SOURCES

db:	VULHUB	id:	VHN-405361
db:	VULMON	id:	CVE-2022-20808
db:	JVNDB	id:	JVNDB-2022-016236
db:	CNNVD	id:	CNNVD-202207-523
db:	NVD	id:	CVE-2022-20808

LAST UPDATE DATE

2024-08-14T13:22:03.629000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-405361	date:	2022-07-14T00:00:00
db:	VULMON	id:	CVE-2022-20808	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-016236	date:	2023-10-03T06:05:00
db:	CNNVD	id:	CNNVD-202207-523	date:	2022-07-15T00:00:00
db:	NVD	id:	CVE-2022-20808	date:	2023-11-07T03:43:00.557

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-405361	date:	2022-07-06T00:00:00
db:	VULMON	id:	CVE-2022-20808	date:	2022-07-06T00:00:00
db:	JVNDB	id:	JVNDB-2022-016236	date:	2023-10-03T00:00:00
db:	CNNVD	id:	CNNVD-202207-523	date:	2022-07-06T00:00:00
db:	NVD	id:	CVE-2022-20808	date:	2022-07-06T21:15:11.593