CVE-2021-1219 HIGH

CVE-2021-1219: Cisco Smart Software Manager Satellite Static Credential Vulnerability

Vendor Cisco
Product Cisco Smart Software Manager On-Prem
Weakness CWE-798 · Hardcoded credentials
Published January 20, 2021
Last update November 12, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by gaining access to the static credential that is stored on the local device. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks.

Key dates

02Disclosure timeline

January 20, 2021 CVE published
November 12, 2024 Record updated