CVE-2020-3443
HIGHCisco Smart Software Manager On-Prem - Privilege Escalation
Title source: llmDescription
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges. The vulnerability is due to insufficient authorization of the System Operator role capabilities. An attacker could exploit this vulnerability by logging in with the System Operator role, performing a series of actions, and then assuming a new higher privileged role. A successful exploit could allow the attacker to perform all actions associated with the privilege of the assumed role. If that role is an administrative role, the attacker would gain full access to the device.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smart-priv-esca-nqwxXWBu
Scores
CVSS v3
8.8
EPSS
0.0077
EPSS Percentile
73.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-862
CWE-264
Status
published
Products (1)
cisco/smart_software_manager_on-prem
8-202004
Published
Aug 26, 2020
Tracked Since
Feb 18, 2026