CVE-2023-20110

Published: 18/05/2023 Updated: 07/11/2023
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote malicious user to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit could allow the malicious user to read sensitive data on the underlying database.

Vulnerable Product

cisco smart software manager on-prem

Vendor Advisories

A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulne ...

Github Repositories

PoC script for CVE-2023-20110 - Cisco Smart Software Manager On-Prem SQL Injection Vulnerability

Usage

Update IP address and admin cookies in script. Run the script with the following command: python3 exploit.py