VDB
CVE-2022-20939
CVE-2022-20939
PUBLISHED
CVSS 4.300000190734863 MEDIUM
A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to inadequate protection of sensitive user information. An attacker could exploit this vulnerability by accessing certain logs on an affected system. A successful exploit could allow the attacker to use the obtained information to elevate privileges to System Admin.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
EPSS 0.22% · 44.2th percentile
Risk Scores
CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.22%
44.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | smart_software_manager_satellite | 0 |
| cisco | smart_software_manager_on-prem | 0 |
| Cisco | Cisco Smart Software Manager On-Prem | 1.1, 6.3.0, 8-202004 |
Exploit Intelligence
Timeline
- Nov 15, 2024 CVE Published
- Nov 15, 2024 CVE Updated
- Nov 16, 2024 EPSS Score
- Dec 5, 2024 EPSS Score
- Dec 22, 2024 EPSS Score
- Jan 9, 2025 EPSS Score
- Jan 26, 2025 EPSS Score
- Feb 13, 2025 EPSS Score
- Mar 3, 2025 EPSS Score
- Mar 20, 2025 EPSS Score
- Apr 7, 2025 EPSS Score
- Apr 24, 2025 EPSS Score