ID

VAR-202210-0343


CVE

CVE-2022-20939


TITLE

Insecure storage of critical information vulnerability in Cisco Systems Cisco Smart Software Manager On-Prem and Cisco Smart Software Manager Satellite

Trust: 0.8

sources: JVNDB: JVNDB-2022-026212

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to inadequate protection of sensitive user information. An attacker could exploit this vulnerability by accessing certain logs on an affected system. A successful exploit could allow the attacker to use the obtained information to elevate privileges to System Admin.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Cisco Systems Cisco Smart Software Manager On-Prem and Cisco Smart Software Manager Satellite contain a vulnerability in the insecure storage of important information. Information may be obtained.

This advisory is available at the following link: sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv

Trust: 2.25

sources: NVD: CVE-2022-20939 // JVNDB: JVNDB-2022-026212 // CNVD: CNVD-2022-87605 // VULMON: CVE-2022-20939

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-87605

AFFECTED PRODUCTS

vendor: cisco
model: smart software manager on-prem
scope: lt
version: 8-202206

Trust: 1.6

vendor: cisco
model: smart software manager satellite
scope: lte
version: 6.3.0

Trust: 1.0

vendor: Cisco Systems
model: cisco smart software manager satellite
scope: lte
version: 6.3.0 and earlier

Trust: 0.8

vendor: Cisco Systems
model: cisco smart software manager on-prem
scope: -
version: -

Trust: 0.8

sources: CNVD: CNVD-2022-87605 // JVNDB: JVNDB-2022-026212 // NVD: CVE-2022-20939

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com: CVE-2022-20939
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2022-026212
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2022-87605
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202210-180
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2022-87605
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

psirt@cisco.com: CVE-2022-20939
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-026212
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-87605 // JVNDB: JVNDB-2022-026212 // CNNVD: CNNVD-202210-180 // NVD: CVE-2022-20939

PROBLEMTYPE DATA

problemtype: CWE-922

Trust: 1.0

problemtype: Insecure storage of important information (CWE-922) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-026212 // NVD: CVE-2022-20939

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-180

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-180

PATCH

title: cisco-sa-bw-thinrcpt-xss-gSj4CecU Cisco Security Advisory
url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU

Trust: 0.8

title: Patch for Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/371471

Trust: 0.6

title: Cisco Smart Software Manager On-Prem Security vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=209861

Trust: 0.6

title: Cisco: Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-cssm-priv-esc-SEjz69dv

Trust: 0.1

title: CVE-2022-XXXX
url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX
url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: CNVD: CNVD-2022-87605 // VULMON: CVE-2022-20939 // JVNDB: JVNDB-2022-026212 // CNNVD: CNNVD-202210-180

EXTERNAL IDS

db: NVD, id: CVE-2022-20939

Trust: 3.9

db: JVNDB, id: JVNDB-2022-026212

Trust: 0.8

db: CNVD, id: CNVD-2022-87605

Trust: 0.6

db: CNNVD, id: CNNVD-202210-180

Trust: 0.6

db: VULMON, id: CVE-2022-20939

Trust: 0.1

sources: CNVD: CNVD-2022-87605 // VULMON: CVE-2022-20939 // JVNDB: JVNDB-2022-026212 // CNNVD: CNNVD-202210-180 // NVD: CVE-2022-20939

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cssm-priv-esc-sejz69dv

Trust: 1.2

url: https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cssm-priv-esc-sejz69dv

Trust: 1.1

url: https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-bw-thinrcpt-xss-gsj4cecu

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2022-20939

Trust: 0.8

url: https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: CNVD: CNVD-2022-87605 // VULMON: CVE-2022-20939 // JVNDB: JVNDB-2022-026212 // CNNVD: CNNVD-202210-180 // NVD: CVE-2022-20939

SOURCES

db: CNVD, id: CNVD-2022-87605
db: VULMON, id: CVE-2022-20939
db: JVNDB, id: JVNDB-2022-026212
db: CNNVD, id: CNNVD-202210-180
db: NVD, id: CVE-2022-20939

LAST UPDATE DATE

2025-08-02T23:23:20.194000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-87605, date: 2022-12-14T00:00:00
db: JVNDB, id: JVNDB-2022-026212, date: 2025-08-01T02:03:00
db: CNNVD, id: CNNVD-202210-180, date: 2022-10-09T00:00:00
db: NVD, id: CVE-2022-20939, date: 2025-07-31T15:37:48.667

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-87605, date: 2022-12-14T00:00:00
db: JVNDB, id: JVNDB-2022-026212, date: 2025-08-01T00:00:00
db: CNNVD, id: CNNVD-202210-180, date: 2022-10-05T00:00:00
db: NVD, id: CVE-2022-20939, date: 2024-11-15T16:15:24.200