VDB

CVE-2021-34766

CVE-2021-34766 PUBLISHED CVSS 5.400000095367432 MEDIUM

A vulnerability in the web UI of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. This vulnerability is due to insufficient authorization of the System User and System Operator role capabilities. An attacker could exploit this vulnerability by directly accessing a web resource. A successful exploit could allow the attacker to create, read, update, or delete records and settings in multiple functions without the necessary permissions on the web UI.

EPSS 0.12% · 30.5th percentile

Risk Scores

CVSS 3.1
5.400000095367432
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS Score
0.12%
30.5th percentile

Affected Products

VendorProductVersions
CiscoCisco Smart Software Manager On-Premn/a
ciscosmart_software_manager_on-prem0

Exploit Intelligence

Timeline

  • Oct 6, 2021 CVE Published
  • Oct 7, 2021 EPSS Score
  • Dec 3, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Jan 28, 2022 EPSS Score
  • Mar 26, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 22, 2022 EPSS Score
  • Jul 19, 2022 EPSS Score
  • Sep 13, 2022 EPSS Score
  • Nov 9, 2022 EPSS Score
  • Jan 5, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›