cvelist/2021/1xxx/CVE-2021-1219.json

{
    "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2021-01-20T16:00:00",
        "ID": "CVE-2021-1219",
        "STATE": "PUBLIC",
        "TITLE": "Cisco Smart Software Manager Satellite Static Credential Vulnerability"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Cisco Smart Software Manager On-Prem ",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "n/a"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Cisco"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by gaining access to the static credential that is stored on the local device. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks."
            }
        ]
    },
    "exploit": [
        {
            "lang": "eng",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
        }
    ],
    "impact": {
        "cvss": {
            "baseScore": "7.8",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-798"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "20210120 Cisco Smart Software Manager Satellite Static Credential Vulnerability",
                "refsource": "CISCO",
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-sc-Jd42D4Tq"
            }
        ]
    },
    "source": {
        "advisory": "cisco-sa-cssm-sc-Jd42D4Tq",
        "defect": [
            [
                "CSCvm42283"
            ]
        ],
        "discovery": "INTERNAL"
    }
}
"-Synchronized-Data." 2020-11-13 20:03:40 +00:00			`{`
			`"CVE_data_meta": {`
Adding Cisco CVE-2021-1219 2021-01-20 19:31:40 +00:00			`"ASSIGNER": "psirt@cisco.com",`
			`"DATE_PUBLIC": "2021-01-20T16:00:00",`
"-Synchronized-Data." 2020-11-13 20:03:40 +00:00			`"ID": "CVE-2021-1219",`
Adding Cisco CVE-2021-1219 2021-01-20 19:31:40 +00:00			`"STATE": "PUBLIC",`
			`"TITLE": "Cisco Smart Software Manager Satellite Static Credential Vulnerability"`
"-Synchronized-Data." 2020-11-13 20:03:40 +00:00			`},`
Adding Cisco CVE-2021-1219 2021-01-20 19:31:40 +00:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Cisco Smart Software Manager On-Prem ",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "n/a"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Cisco"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2020-11-13 20:03:40 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2021-01-26 18:01:28 +00:00			"value": "A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by gaining access to the static credential that is stored on the local device. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks."
"-Synchronized-Data." 2020-11-13 20:03:40 +00:00			`}`
			`]`
Adding Cisco CVE-2021-1219 2021-01-20 19:31:40 +00:00			`},`
			`"exploit": [`
			`{`
			`"lang": "eng",`
			`"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "`
			`}`
			`],`
			`"impact": {`
			`"cvss": {`
			`"baseScore": "7.8",`
			`"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ",`
			`"version": "3.0"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-798"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "20210120 Cisco Smart Software Manager Satellite Static Credential Vulnerability",`
			`"refsource": "CISCO",`
			`"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-sc-Jd42D4Tq"`
			`}`
			`]`
			`},`
			`"source": {`
			`"advisory": "cisco-sa-cssm-sc-Jd42D4Tq",`
			`"defect": [`
			`[`
			`"CSCvm42283"`
			`]`
			`],`
			`"discovery": "INTERNAL"`
"-Synchronized-Data." 2020-11-13 20:03:40 +00:00			`}`
"-Synchronized-Data." 2021-01-26 18:01:28 +00:00			`}`