CVE-2021-1219

CWE-798Hard-coded CredentialsCWE-311CWE-319Cleartext Transmission5 documents5 sources
Severity
7.8HIGH
EPSS
0.0%
top 85.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Smart Software Manager On-premCisco Cisco Smart Software Manager On-prem
Timeline
PublishedJan 20
Latest updateMay 24

Description

A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by gaining access to the static credential that is stored on the local device. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out fu

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

3
GHSA
GHSA-2mxg-rvhc-jqf9: A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected2022-05-24
GHSA
Missing encryption in Apache Directory Studio2021-08-09
CVEList
Cisco Smart Software Manager Satellite Static Credential Vulnerability2021-01-20

📋Vendor Advisories

1
Cisco
Cisco Smart Software Manager Satellite Static Credential Vulnerability2021-01-20
CVE-2021-1219 (HIGH CVSS 7.8) | A vulnerability in Cisco Smart Soft | cvebase.io