CVE-2022-20939

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-20939
A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to inadequate protection of sensitive user information. An attacker could exploit this vulnerability by accessing certain logs on an affected system. A successful exploit could allow the attacker to use the obtained information to elevate privileges to System Admin.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU Not Applicable
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:smart_software_manager_on-prem:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:smart_software_manager_satellite:*:*:*:*:*:*:*:*
History

31 Jul 2025, 15:37

Type Values Removed Values Added
First Time Cisco smart Software Manager Satellite
Cisco smart Software Manager On-prem
Cisco
CPE cpe:2.3:a:cisco:smart_software_manager_on-prem:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:smart_software_manager_satellite:*:*:*:*:*:*:*:*
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU - () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU - Not Applicable
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv - () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv - Vendor Advisory

18 Nov 2024, 17:11

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en la interfaz de administración basada en web de Cisco Smart Software Manager On-Prem podría permitir que un atacante remoto autenticado eleve los privilegios en un sistema afectado. Esta vulnerabilidad se debe a una protección inadecuada de la información confidencial del usuario. Un atacante podría aprovechar esta vulnerabilidad accediendo a determinados registros de un sistema afectado. Una explotación exitosa podría permitir que el atacante use la información obtenida para elevar los privilegios a Administrador del sistema. Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad.

15 Nov 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-15 16:15

Updated : 2025-07-31 15:37

NVD link : CVE-2022-20939

Mitre link : CVE-2022-20939

CVE.ORG link : CVE-2022-20939

JSON object : View

Products Affected

cisco

  • smart_software_manager_on-prem
  • smart_software_manager_satellite
CWE
CWE-922

Insecure Storage of Sensitive Information