CVE-2023-20110 MEDIUM

CVE-2023-20110: Cisco Smart Software Manager On-Prem SQL Injection Vulnerability

Vendor Cisco

Product Cisco Smart Software Manager On-Prem

Weakness CWE-89 · SQLi

Published May 18, 2023

Last update October 25, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to read sensitive data on the underlying database.

Key dates

02Disclosure timeline

May 18, 2023 CVE published

October 25, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-20110

Related vulnerabilities

Identifiers

CVE CVE-2023-20110

CWE CWE-89

CVSS 6.5 / MEDIUM

Affected versions