CVE-2020-3245

CWE-284Improper Access ControlCWE-862Missing Authorization4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 56.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Smart Software Manager On-premCisco Cisco Smart Software Manager On-prem
Timeline
PublishedJun 18
Latest updateMay 24

Description

A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create arbitrary user accounts. The vulnerability is due to the lack of authorization controls in the web application. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to add user accounts to the configuration of an affected device. These accounts would not

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-6j6p-hrf6-6wxj: A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create2022-05-24
CVEList
Cisco Smart Software Manager On-Prem Improper Access Control Vulnerability2020-06-18

📋Vendor Advisories

1
Cisco
Cisco Smart Software Manager On-Prem Improper Access Control Vulnerability2020-06-17
CVE-2020-3245 (MEDIUM CVSS 5.3) | A vulnerability in the web applicat | cvebase.io