Lucene search

K
ciscoCiscoCISCO-SA-20200122-ON-PREM-DOS
HistoryJan 22, 2020 - 4:00 p.m.

Cisco Smart Software Manager On-Prem Web Interface Denial of Service Vulnerability

2020-01-2216:00:00
tools.cisco.com
14
cisco
software manager
on-prem
dos
vulnerability
api
remote attacker
user account
information
web interface
exploit
http request
software updates
input validation
security advisory
crafted request

EPSS

0.001

Percentile

46.8%

A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface.

The vulnerability is due to the lack of input validation in the API. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to change or corrupt user account information which could grant the attacker administrator access or prevent legitimate user access to the web interface, resulting in a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-on-prem-dos [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-on-prem-dos”]

Affected configurations

Vulners
Node
ciscosmart_software_manager_on-prem
VendorProductVersionCPE
ciscosmart_software_manager_on-prem*cpe:2.3:a:cisco:smart_software_manager_on-prem:*:*:*:*:*:*:*:*

EPSS

0.001

Percentile

46.8%

Related for CISCO-SA-20200122-ON-PREM-DOS