Vulnerability Details CVE-2023-20110
A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to read sensitive data on the underlying database.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.8%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2023-20110
-
cpe:2.3:a:cisco:smart_software_manager_on-prem:-
-
cpe:2.3:a:cisco:smart_software_manager_on-prem:5.0
-
cpe:2.3:a:cisco:smart_software_manager_on-prem:5.1.0
-
cpe:2.3:a:cisco:smart_software_manager_on-prem:6.3.0
-
cpe:2.3:a:cisco:smart_software_manager_on-prem:7-201910
-
cpe:2.3:a:cisco:smart_software_manager_on-prem:7-202001
-
cpe:2.3:a:cisco:smart_software_manager_on-prem:8-202004
-
cpe:2.3:a:cisco:smart_software_manager_on-prem:8-202108
-
cpe:2.3:a:cisco:smart_software_manager_on-prem:8-202112