Security News > 2024 > July > Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager

Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager
2024-07-18 06:01

Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem that could enable a remote, unauthenticated attacker to change the password of any users, including those belonging to administrative users.

"An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user."

It's worth noting that version 9 is not susceptible to the flaw.

The disclosure comes as the U.S. Cybersecurity and Infrastructure Security Agency added three vulnerabilities to its Known Exploited Vulnerabilities catalog, based on evidence of active exploitation -.

CVE-2024-34102, which is also referred to as CosmicSting, is a severe security flaw arising from improper handling of nested deserialization, allowing attackers to achieve remote code execution.

A proof-of-concept exploit for the flaw was released by Assetnote late last month.


News URL

https://thehackernews.com/2024/07/cisco-warns-of-critical-flaw-affecting.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-06-13 CVE-2024-34102 Unspecified vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution.
0.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751