Cisco has recently addressed a high-severity vulnerability (CVE-2024-20419) affecting Cisco Smart Software Manager On-Prem license servers and Cisco SSM Satellite [7]. This vulnerability allows remote, unauthenticated attackers to change any user or admin password on affected devices [3] [4].
Description
This flaw is the result of an improper implementation of the password-change process [4], which can be exploited through crafted HTTP requests, the web UI [1] [2] [4] [6] [9], or the API with compromised user privileges [1] [2] [4] [6] [9]. The vulnerability affects Cisco SSM On-Prem versions 8-202206 and earlier [2] [5] and has been fixed in version 8-202212 [2]. Security researcher Mohammed Adel discovered and reported the bug [2]. Users are advised to apply the security updates promptly to protect their systems. With a CVSS rating of 10 [6] [8], this vulnerability requires neither privileges nor user interaction for exploitation. There are no workarounds available [1] [2] [6], but a security update has been released to patch the vulnerability [1]. Cisco has also addressed other zero-day vulnerabilities [7] that were abused in recent malware attacks, such as CVE-2024-20399, CVE-2024-20353 [1] [2] [3] [4] [6] [7] [8], and CVE-2024-20359 [1] [2] [4] [6] [7].
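To make the vulnerability class concrete, the following added example (not Cisco's code, and not derived from any of the cited reports, which do not describe the appliance's internal logic) contrasts a password-change handler that never checks who is calling with one that enforces authentication, authorisation for the target account, and re-authentication with the caller's current password. The in-memory account store, the session object and the account names are constructed for the illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; tune the iteration count to the target hardware in practice.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass
class User:
    name: str
    is_admin: bool
    salt: bytes
    pw_hash: bytes


class UserStore:
    """Constructed in-memory account table standing in for an appliance database."""

    def __init__(self) -> None:
        self.users = {}

    def add(self, name: str, password: str, is_admin: bool = False) -> None:
        salt = os.urandom(16)
        self.users[name] = User(name, is_admin, salt, _hash_password(password, salt))

    def set_password(self, name: str, new_password: str) -> None:
        user = self.users[name]
        user.salt = os.urandom(16)
        user.pw_hash = _hash_password(new_password, user.salt)

    def verify(self, name: str, password: str) -> bool:
        user = self.users.get(name)
        if user is None:
            _hash_password(password, b"\x00" * 16)  # same cost for unknown names
            return False
        return hmac.compare_digest(_hash_password(password, user.salt), user.pw_hash)


class PasswordChangeError(Exception):
    pass


def change_password_vulnerable(store: UserStore, target_user: str, new_password: str) -> None:
    """Flaw class: the handler trusts the request to name the account and never asks
    who is calling, so any client that can reach the endpoint can reset any account."""
    if target_user not in store.users:
        raise PasswordChangeError("no such user")
    store.set_password(target_user, new_password)


def change_password_hardened(store: UserStore, session: Optional[dict], target_user: str,
                             current_password: str, new_password: str) -> None:
    """session is a hypothetical session object ({"user": name}) or None when the
    request carries no valid authentication."""
    if not session or session.get("user") not in store.users:
        raise PasswordChangeError("authentication required")
    caller = store.users[session["user"]]
    if target_user not in store.users:
        raise PasswordChangeError("no such user")
    # Authorisation: only the account owner or an administrator may change it.
    if caller.name != target_user and not caller.is_admin:
        raise PasswordChangeError("not authorised to change this account")
    # Re-authenticate the caller so a hijacked session alone is not enough.
    if not store.verify(caller.name, current_password):
        raise PasswordChangeError("current password incorrect")
    if len(new_password) < 12:
        raise PasswordChangeError("new password too short")
    store.set_password(target_user, new_password)


def demo() -> dict:
    """Run both handlers against constructed accounts; returns which checks held."""
    store = UserStore()
    store.add("admin", "Admin-Initial-Secret-2024", is_admin=True)
    store.add("alice", "Alice-Initial-Secret-2024")

    def rejected(**kwargs) -> bool:
        try:
            change_password_hardened(store, **kwargs)
            return False
        except PasswordChangeError:
            return True

    change_password_vulnerable(store, "admin", "Chosen-By-Anyone-123")  # no session at all
    change_password_hardened(store, {"user": "alice"}, "alice",
                             "Alice-Initial-Secret-2024", "Alice-New-Secret-2024")
    return {
        "vulnerable_resets_admin_unauthenticated": store.verify("admin", "Chosen-By-Anyone-123"),
        "hardened_rejects_unauthenticated": rejected(
            session=None, target_user="admin", current_password="", new_password="Chosen-By-Anyone-123"),
        "hardened_rejects_cross_user": rejected(
            session={"user": "alice"}, target_user="admin",
            current_password="Alice-New-Secret-2024", new_password="Alice-Picks-Admin-Pw-1"),
        "hardened_rejects_wrong_current": rejected(
            session={"user": "alice"}, target_user="alice",
            current_password="wrong-password", new_password="Alice-Second-Secret-24"),
        "hardened_allows_self_change": store.verify("alice", "Alice-New-Secret-2024"),
    }
```

Every entry returned by `demo()` is True: the vulnerable handler lets an unauthenticated caller replace the admin password, while the hardened one refuses the same request, refuses a non-admin user targeting another account, refuses a wrong current password, and still permits an ordinary self-service change. The re-authentication step is what turns a stolen session cookie into an insufficient credential for a password reset.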
Conclusion
Organizations in sectors such as financial institutions [6], utilities [6], service providers [6], and government entities should upgrade immediately to prevent exploitation. Despite the severity of the vulnerability [3] [8], there have been no reports of it being exploited in the wild or of proof-of-concept exploits being available [3]. Users should stay vigilant and apply security updates to safeguard their systems.
References
[1] https://arstechnica.com/security/2024/07/vulnerability-in-cisco-smart-software-manager-lets-attackers-change-any-user-password/
[2] https://thehackernews.com/2024/07/cisco-warns-of-critical-flaw-affecting.html
[3] https://feedly.com/cve/CVE-2024-20419
[4] https://www.techradar.com/pro/security/cisco-software-flaw-could-have-allowed-hackers-to-change-any-passwords
[5] https://securityonline.info/cve-2024-20419-cvss-10-critical-flaw-in-cisco-smart-software-manager-opens-door-to-account-takeover/
[6] https://www.darkreading.com/vulnerabilities-threats/high-severity-cisco-bug-grants-attackers-password-access
[7] https://www.scmagazine.com/brief/maximum-severity-cisco-ssm-on-prem-vulnerability-addressed
[8] https://techmonitor.ai/technology/cybersecurity/cisco-password-patch
[9] https://www.helpnetsecurity.com/2024/07/18/cve-2024-20401-cve-2024-20419/