CVE-2020-3158

CWE-798Hard-coded Credentials4 documents4 sources
Severity
9.1CRITICAL
EPSS
2.5%
top 14.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Smart Software Manager On-premCisco Smart Software Manager On-prem
Timeline
PublishedFeb 19
Latest updateMay 24

Description

A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

CVEListV5cisco/cisco_smart_software_manager_on-premunspecifiedn/a

🔴Vulnerability Details

2
GHSA
GHSA-qvcr-mg85-mjgg: A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to acces2022-05-24
CVEList
Cisco Smart Software Manager On-Prem Static Default Credential Vulnerability2020-02-19

📋Vendor Advisories

1
Cisco
Cisco Smart Software Manager On-Prem Static Default Credential Vulnerability2020-02-19
CVE-2020-3158 (CRITICAL CVSS 9.1) | A vulnerability in the High Availab | cvebase.io