Security
Headlines
HeadlinesLatestCVEs

Headline

High-Severity Cisco Bug Grants Attackers Password Access

The vulnerability was given the highest CVSS score possible, though few details have been released due to its severity.

DARKReading
#vulnerability#web#cisco#auth

Source: designer491 via Alamy Stock Photo

Cisco has released a patch for a maximum-severity vulnerability, tracked as CVE-2024-20419, that allows threat actors to change any user or admin password.

The vulnerability carries a CVSS rating of 10, however, the company has not released many details about the bug, likely due to how high risk it is.

The attack complexity was deemed low, as no privileges or user interaction is necessary to complete the action, but the impact on the product’s integrity, availability, and confidentiality are all deemed high.

“An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device,” Cisco said in a statement. “A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.”

This vulnerability affects SSM On-Prem and SSM Satellite. There are no workarounds for the vulnerability, so it’s recommended that users apply patches for the bug as soon as possible.

Cisco has not released any additional information regarding this vulnerability in the wild or how many users have been potentially impacted. SSM On-Prem is primarily used by “financial institutions, utilities, service providers, and government organizations,” according to the vendor, so organizations in these sectors should be especially wary.

About the Author(s)

Related news

CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature with the aim of accessing sensitive data. The agency said it has seen adversaries "acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature." It also

Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager

Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any users, including those belonging to administrative users. The vulnerability, tracked as CVE-2024-20419, carries a CVSS score of 10.0. "This vulnerability is due to improper

DARKReading: Latest News

Too Much 'Trust,' Not Enough 'Verify'