Cisco Smart Software Manager Flaw Let Attackers Change Any User Passwords
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Cisco has disclosed a critical vulnerability in its Smart Software Manager On-Prem (SSM On-Prem) that permits unauthenticated, remote attackers to change the passwords of any user, including administrative users. This flaw tracked as CVE-2024-20419, has been assigned the highest severity score of 10.
The vulnerability arises from improperly implementing the password-change process within the Cisco SSM On-Prem authentication system.
Attackers can exploit this flaw by sending specially crafted HTTP requests to an affected device. A successful exploit would allow attackers to gain access to the web UI or API with the privileges of the compromised user, potentially leading to unauthorized administrative control over the device.
Affected Products
The vulnerability impacts:
Cisco SSM Satellite has been renamed as Cisco Smart Software Manager. For releases earlier than Release 7.0, the product was called Cisco SSM Satellite. As of Release 7.0, it is known as Cisco SSM On-Prem.
Fixed Software
Cisco has released software updates to address this vulnerability. The fixed releases are as follows:
Cisco SSM On-Prem ReleaseFirst Fixed Release8-202206 and earlier8-2022129Not vulnerable
Customers are advised to upgrade to an appropriate fixed software release to secure their systems.
There are no workarounds available for this vulnerability. Cisco recommends that all administrators upgrade to the fixed software to mitigate the risk.
As of now, there have been no public announcements or evidence of malicious exploitation of this vulnerability. Cisco’s Product Security Incident Response Team (PSIRT) continues to monitor the situation.
Customers with service contracts should obtain security fixes through their usual update channels. Those without service contracts can contact the Cisco Technical Assistance Center (TAC) for assistance in obtaining the necessary updates.
How to Check Cisco Smart Software Manager On-Prem Version
#Cyber_Security_News #Vulnerability #cisco #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Cisco Smart Software Manager Flaw Let Attackers Change Any User Passwords
Author: Guru BaranCisco has disclosed a critical vulnerability in its Smart Software Manager On-Prem (SSM On-Prem) that permits unauthenticated, remote attackers to change the passwords of any user, including administrative users. This flaw tracked as CVE-2024-20419, has been assigned the highest severity score of 10.
The vulnerability arises from improperly implementing the password-change process within the Cisco SSM On-Prem authentication system.
Attackers can exploit this flaw by sending specially crafted HTTP requests to an affected device. A successful exploit would allow attackers to gain access to the web UI or API with the privileges of the compromised user, potentially leading to unauthorized administrative control over the device.
Affected Products
The vulnerability impacts:
- Cisco SSM On-Prem
- Cisco Smart Software Manager Satellite (SSM Satellite)
Cisco SSM Satellite has been renamed as Cisco Smart Software Manager. For releases earlier than Release 7.0, the product was called Cisco SSM Satellite. As of Release 7.0, it is known as Cisco SSM On-Prem.
Fixed Software
Cisco has released software updates to address this vulnerability. The fixed releases are as follows:
Cisco SSM On-Prem ReleaseFirst Fixed Release8-202206 and earlier8-2022129Not vulnerable
Customers are advised to upgrade to an appropriate fixed software release to secure their systems.
There are no workarounds available for this vulnerability. Cisco recommends that all administrators upgrade to the fixed software to mitigate the risk.
As of now, there have been no public announcements or evidence of malicious exploitation of this vulnerability. Cisco’s Product Security Incident Response Team (PSIRT) continues to monitor the situation.
Customers with service contracts should obtain security fixes through their usual update channels. Those without service contracts can contact the Cisco Technical Assistance Center (TAC) for assistance in obtaining the necessary updates.
How to Check Cisco Smart Software Manager On-Prem Version
-
Access the Admin Portal
:
Open a web browser and enter the IP address of your Cisco SSM On-Prem server followed by the port number. For example, if the IP address is172.16.0.1, enter:texthttps://172.16.0.1:8443/admin -
Log In
:
Log into the admin portal using your administrative credentials. -
Locate the System Health Section
:
Once logged in, navigate to the “System Health” section of the admin portal. This section typically displays the current software release version of your Cisco SSM On-Prem installation.
#Cyber_Security_News #Vulnerability #cisco #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
