ID

VAR-202305-1931


CVE

CVE-2023-20110


TITLE

Cisco Smart Software Manager On-Prem SQL Injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202305-1736

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to read sensitive data on the underlying database.

Trust: 0.99

sources: NVD: CVE-2023-20110 // VULMON: CVE-2023-20110

AFFECTED PRODUCTS

vendor: cisco, model: smart software manager on-prem, scope: lt, version: 8-202303

Trust: 1.0

sources: NVD: CVE-2023-20110

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-20110
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202305-1736
value: MEDIUM

Trust: 0.6

NVD: CVE-2023-20110
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: NVD: CVE-2023-20110 // CNNVD: CNNVD-202305-1736

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.0

sources: NVD: CVE-2023-20110

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202305-1736

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202305-1736

CONFIGURATIONS

sources: NVD: CVE-2023-20110

PATCH

title: Cisco Smart Software Manager On-Prem SQL Repair measures for injecting vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=239232

Trust: 0.6

title: Cisco: Cisco Smart Software Manager On-Prem SQL Injection Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ssm-sql-x9mmjsyh

Trust: 0.1

sources: VULMON: CVE-2023-20110 // CNNVD: CNNVD-202305-1736

EXTERNAL IDS

db: NVD, id: CVE-2023-20110

Trust: 1.7

db: AUSCERT, id: ESB-2023.2893

Trust: 0.6

db: CNNVD, id: CNNVD-202305-1736

Trust: 0.6

db: VULMON, id: CVE-2023-20110

Trust: 0.1

sources: VULMON: CVE-2023-20110 // NVD: CVE-2023-20110 // CNNVD: CNNVD-202305-1736

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ssm-sql-x9mmjsyh

Trust: 1.8

url:https://cxsecurity.com/cveshow/cve-2023-20110/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.2893

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-20110 // NVD: CVE-2023-20110 // CNNVD: CNNVD-202305-1736

SOURCES

db: VULMON, id: CVE-2023-20110
db: NVD, id: CVE-2023-20110
db: CNNVD, id: CNNVD-202305-1736

LAST UPDATE DATE

2023-05-30T00:31:34.530000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2023-20110, date: 2023-05-18T00:00:00
db: NVD, id: CVE-2023-20110, date: 2023-05-26T19:11:00
db: CNNVD, id: CNNVD-202305-1736, date: 2023-05-29T00:00:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2023-20110, date: 2023-05-18T00:00:00
db: NVD, id: CVE-2023-20110, date: 2023-05-18T03:15:00
db: CNNVD, id: CNNVD-202305-1736, date: 2023-05-18T00:00:00