Cyber Security News

Cisco Smart Software Manager Flaw Let Attackers Change Any User Passwords

Cisco has disclosed a critical vulnerability in its Smart Software Manager On-Prem (SSM On-Prem) that permits an unauthenticated, remote attacker to change the password of any user, including administrative users. The flaw, tracked as CVE-2024-20419, has been assigned the maximum CVSS severity score of 10.0.

The vulnerability stems from an improper implementation of the password-change process in the Cisco SSM On-Prem authentication system.

An attacker can exploit this flaw by sending crafted HTTP requests to an affected device. A successful exploit allows the attacker to access the web UI or API with the privileges of the user whose password was changed, which, for an administrative account, means full administrative control of the appliance.


Affected Products

The vulnerability impacts:

  • Cisco SSM On-Prem
  • Cisco Smart Software Manager Satellite (SSM Satellite)

Cisco SSM Satellite was renamed Cisco SSM On-Prem. For releases earlier than Release 7.0, the product was called Cisco SSM Satellite; as of Release 7.0, it is known as Cisco SSM On-Prem.

Fixed Software

Cisco has released software updates to address this vulnerability. The fixed releases are as follows:

Cisco SSM On-Prem Release | First Fixed Release
8-202206 and earlier      | 8-202212
9                         | Not vulnerable

Customers are advised to upgrade to an appropriate fixed software release to secure their systems.

There are no workarounds for this vulnerability. Cisco recommends that all administrators upgrade to a fixed release to mitigate the risk.

As of now, there have been no public announcements or evidence of malicious exploitation of this vulnerability. Cisco’s Product Security Incident Response Team (PSIRT) continues to monitor the situation.

Customers with service contracts should obtain security fixes through their usual update channels. Those without service contracts can contact the Cisco Technical Assistance Center (TAC) for assistance in obtaining the necessary updates.

How to Check Cisco Smart Software Manager On-Prem Version

  1. Access the Admin Portal:
    Open a web browser and enter the IP address of your Cisco SSM On-Prem server followed by the admin portal port and path. For example, if the IP address is 172.16.0.1, enter: https://172.16.0.1:8443/admin
  2. Log In:
    Log into the admin portal using your administrative credentials.
  3. Locate the System Health Section:
    Once logged in, navigate to the "System Health" section of the admin portal. This section displays the current software release of your Cisco SSM On-Prem installation; compare it against the fixed-release table above.


Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
