
Cisco SSM On-Prem bug lets hackers change any user's password
2024-07-17 17:31

Cisco has fixed a maximum severity vulnerability that allows attackers to change the password of any user, including administrators, on vulnerable Cisco Smart Software Manager On-Prem license servers.

The flaw also impacts SSM On-Prem installations earlier than Release 7.0, known as Cisco Smart Software Manager Satellite.

As a Cisco Smart Licensing component, SSM On-Prem assists service providers and Cisco partners in managing customer accounts and product licenses.

Tracked as CVE-2024-20419, this critical security flaw is caused by an unverified password change weakness in SSM On-Prem's authentication system.

In April, Cisco also warned that a state-backed hacking group had been exploiting two other zero-day bugs.



News URL

https://www.bleepingcomputer.com/news/security/cisco-ssm-on-prem-bug-lets-hackers-change-any-users-password/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 4416 230 3062 1826 600 5718