CVE-2023-20110

CWE-89: SQL Injection | 4 documents | 4 sources
Severity
6.5 MEDIUM
EPSS
0.2%
top 53.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published May 18

Description

A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit cou

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 2 packages

🔴 Vulnerability Details

2
GHSA
GHSA-5wmv-9m87-jx6x: A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attac | 2023-05-18
CVEList
Cisco Smart Software Manager On-Prem SQL Injection Vulnerability | 2023-05-18

📋 Vendor Advisories

1
Cisco
Cisco Smart Software Manager On-Prem SQL Injection Vulnerability | 2023-05-17
CVE-2023-20110 (MEDIUM CVSS 6.5) | A vulnerability in the web-based ma | cvebase.io