Critical Cisco bug allows anyone to change all (including admin) passwords

Cisco just dropped a patch for a maximum-severity vulnerability that allows attackers to change the password of any user, including admins.

Tracked as CVE-2024-20419, the bug carries a maximum 10/10 CVSS 3.1 rating and affects the authentication system of Cisco Smart Software Manager (SSM) On-Prem.

Cisco hasn’t disclosed too many details about this, which is more than understandable given the nature of the vulnerability. However, we know that an unauthenticated remote attacker can exploit this to change passwords. It’s hardly ideal, and should be patched as soon as possible.

Digging into the severity assessment, the attack complexity was deemed “low”: no privileges or user interaction would be required to pull it off, and the impact on the product’s integrity, availability, and confidentiality is all designated “high.”

“This vulnerability is due to improper implementation of the password-change process,” Cisco’s advisory reads, providing the last few details about the vulnerability.

“An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.”

There are no workarounds for this vulnerability, so get those patches applied if you’re in the business of keeping your passwords safe and secure. Fortunately, there are no signs of this being exploited in the wild yet, but now that the cat’s out of the bag it likely won’t be long before that changes.

CVE-2024-20419 affects both SSM On-Prem and SSM Satellite. They’re different names for the same product; the latter refers to versions before release 7.0.

[…]
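The advisory describes the flaw only as an "improper implementation of the password-change process" that lets an unauthenticated caller change another user's password. The following is an added example, not Cisco's code and not a reconstruction of the actual bug: it shows the checks a password-change handler has to enforce so that a request carrying no session, or a session that does not own the target account, is rejected. The user table, session store, request shape, and the `change_password`/`attempt` helpers are all constructed for illustration.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class User:
    username: str
    role: str          # "admin" or "user" (constructed roles)
    salt: bytes
    pw_hash: bytes


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; iteration count chosen for the example only
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(username: str, role: str, password: str) -> User:
    salt = os.urandom(16)
    return User(username, role, salt, hash_password(password, salt))


# Constructed sample data: an in-memory user table and session store.
USERS: Dict[str, User] = {
    "admin": make_user("admin", "admin", "Adm1n-example-pw"),
    "alice": make_user("alice", "user", "alice-example-pw"),
}
SESSIONS: Dict[str, str] = {}   # session token -> username


def login(username: str, password: str) -> Optional[str]:
    """Return a session token on success, None otherwise."""
    user = USERS.get(username)
    if user is None:
        return None
    if not hmac.compare_digest(hash_password(password, user.salt), user.pw_hash):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token


class PasswordChangeError(Exception):
    pass


def change_password(request: dict) -> bool:
    """Handle a password-change request (hypothetical request shape).

    Keys: session_token, target_user, new_password and, for a self-service
    change, current_password. Each check is one that an unauthenticated
    password change necessarily skips: a valid session, authorization over
    the target account, and proof of knowledge of the current password.
    """
    caller = SESSIONS.get(request.get("session_token", ""))
    if caller is None:
        raise PasswordChangeError("authentication required")

    target = USERS.get(request.get("target_user", ""))
    if target is None:
        # Same message as the authorization failure below, so the response
        # does not confirm which usernames exist.
        raise PasswordChangeError("request rejected")

    if caller != target.username and USERS[caller].role != "admin":
        raise PasswordChangeError("request rejected")

    if caller == target.username:
        supplied = request.get("current_password", "")
        if not hmac.compare_digest(hash_password(supplied, target.salt), target.pw_hash):
            raise PasswordChangeError("current password incorrect")

    new_password = request.get("new_password", "")
    if len(new_password) < 12:
        raise PasswordChangeError("new password too short")

    # Rotate the salt along with the hash.
    target.salt = os.urandom(16)
    target.pw_hash = hash_password(new_password, target.salt)

    # Revoke every other session of the account whose credential just changed.
    for token, username in list(SESSIONS.items()):
        if username == target.username and token != request.get("session_token"):
            del SESSIONS[token]
    return True


def attempt(request: dict) -> bool:
    """Convenience wrapper: True if the change was applied, False if refused."""
    try:
        return change_password(request)
    except PasswordChangeError:
        return False
```

The first check is the decisive one for the class of flaw in the advisory: a request with no valid session never reaches the code that writes a new hash, regardless of which account it names. Revoking the target's other sessions after a change is also worth keeping, since a reset performed by an administrator should not leave a previously established session alive.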

Source: Critical Cisco bug allows crims to change admin passwords • The Register

Robin Edgar

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

 robin@edgarbv.com  https://www.edgarbv.com