Main Vulnerability Database Exploits ID:9592 - Exploit for SQL injection in Cisco Smart Software Manager On-Prem - CVE-2023-20110

ID:9592 - Exploit for SQL injection in Cisco Smart Software Manager On-Prem - CVE-2023-20110

Published: March 4, 2024

Vulnerability identifier: #VU76281

Vulnerability risk: Medium

CVE-ID: CVE-2023-20110

CWE-ID: CWE-89

Exploitation vector: Remote access

Vulnerable software:
Cisco Smart Software Manager On-Prem

Link to public exploit:

https://github.com/redfr0g/CVE-2023-20110

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data in the web-based management interface. A remote user can send a specially crafted request to the affected application and read sensitive data on the underlying database.

Remediation

Install update from vendor's website.

ID:9592 - Exploit for SQL injection in Cisco Smart Software Manager On-Prem - CVE-2023-20110

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human