Unauthenticated Password Change Vulnerability in Cisco SSM On-Prem

CVE-2024-20419

10 CRITICAL

Key Information

Vendor: Cisco
Product: Cisco Smart Software Manager On-prem
CVE Published: 17 July 2024

Badges

📰 News Worthy

Summary

CVE-2024-20419 is a critical vulnerability in Cisco's Smart Software Manager On-Prem software. It enables an unauthenticated attacker to change the password of any user, including administrative users, by sending specially crafted HTTP requests to the affected system. Because the flaw is both high-severity and easy to exploit, organizations should apply the available patches promptly. Although no exploitation in the wild is known yet, the potential impact, especially in industries such as finance, utilities, and government, is significant. It is part of a set of issues addressed by Cisco, with another critical flaw also being patched.

Affected Version(s)

Cisco Smart Software Manager On-Prem = 8-202206

News Articles

Maximum severity Cisco SSM On-Prem vulnerability addressed

Such a vulnerability, tracked as CVE-2024-20419, could be exploited to facilitate web UI or API access and eventually allow the unauthenticated creation of new user passwords, according to Cisco.

5 months ago

Cisco patches vulnerability allowing attackers to change admin passwords

Named CVE-2024-20419, the bug affecting Cisco Smart Software Manager On-Prem carries the maximum possible CVSS rating.

5 months ago

Critical Cisco bug allows crims to change admin passwords

Cisco just dropped a patch for a maximum-severity vulnerability that allows attackers to change the password of any user, including admins. Tracked as CVE-2024-20419, the bug carries a maximum 10/10 CVSS 3.1...

5 months ago

References

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • 📰 First article discovered by Help Net Security

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database, 4 News Article(s)