Unauthenticated Password Change Vulnerability in Cisco SSM On-Prem
Key Information
- Vendor: Cisco
- Product: Cisco Smart Software Manager On-prem
- CVE Published: 17 July 2024
Summary
CVE-2024-20419 is a critical vulnerability in Cisco Smart Software Manager On-Prem. It allows an unauthenticated attacker to change the password of any user, including administrative users, by sending specially crafted HTTP requests to the affected system. Given the maximum severity and the low effort required to exploit it, organizations should apply the available patches promptly. No exploitation in the wild has been reported yet, but the potential impact, particularly in sectors such as finance, utilities, and government, is significant. It is one of a set of issues addressed by Cisco in the same release, which also patched another critical flaw.
Affected Version(s)
Cisco Smart Software Manager On-Prem = 8-202206
News Articles
- Maximum severity Cisco SSM On-Prem vulnerability addressed (4 months ago)
  Such a vulnerability, tracked as CVE-2024-20419, could be exploited to facilitate web UI or API access and eventually allow the unauthenticated creation of new user passwords, according to Cisco.
- Cisco patches vulnerability allowing attackers to change admin passwords (4 months ago)
  Named CVE-2024-20419, the bug affecting Cisco Smart Software Manager On-Prem carries the maximum possible CVSS rating.
- Critical Cisco bug allows crims to change admin passwords (4 months ago)
  Cisco just dropped a patch for a maximum-severity vulnerability that allows attackers to change the password of any user, including admins. Tracked as CVE-2024-20419, the bug carries a maximum 10/10 CVSS 3.1...
Timeline
- First article discovered by Help Net Security.
- Vulnerability published.
- Vulnerability reserved.
- Exploit exists.