Cisco on Wednesday disclosed a recently discovered security vulnerability that could allow malicious parties to remotely change passwords, including those of administrator accounts, without authentication on devices running Cisco Smart Software Manager On-Prem. SSM On-Prem helps Cisco partners and service providers manage customer accounts and product licenses more easily.
The vulnerability, CVE-2024-20419, carries the maximum CVSS score of 10 (critical) and stems from an insufficiently secure password change process in the authentication system, Cisco writes. Attackers can exploit the flaw by sending HTTP requests to affected devices, after which they can access the web UI or API with the privileges of the compromised account.
So far, even experts have not been able to determine exactly what kinds of abuse access to the administrative panel makes possible. In theory, an attacker could use the web interface and API to connect to other Cisco devices on the same network, which could make it easier to steal data and encrypt files.
The company released a software patch along with the announcement and added that its threat team has so far found no evidence that the vulnerability has been actively exploited by cybercriminals. The bug affects Cisco SSM On-Prem versions 8-202206 and earlier, and the fix is already included in version 8-202212.
Source: www.hwsw.hu