Security News > 2024 > July > Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager

Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager
2024-07-18 06:01

Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem that could enable a remote, unauthenticated attacker to change the password of any users, including those belonging to administrative users.

"An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user."

It's worth noting that version 9 is not susceptible to the flaw.

The disclosure comes as the U.S. Cybersecurity and Infrastructure Security Agency added three vulnerabilities to its Known Exploited Vulnerabilities catalog, based on evidence of active exploitation -.

CVE-2024-34102, which is also referred to as CosmicSting, is a severe security flaw arising from improper handling of nested deserialization, allowing attackers to achieve remote code execution.

A proof-of-concept exploit for the flaw was released by Assetnote late last month.


News URL

https://thehackernews.com/2024/07/cisco-warns-of-critical-flaw-affecting.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-06-13 CVE-2024-34102 XXE vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution.
network
low complexity
adobe CWE-611
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 4416 230 3062 1826 600 5718