July 17, 2024 at 01:34PM
Cisco has fixed a critical vulnerability in its Smart Software Manager On-Prem that lets an attacker change any user's password without authenticating. The flaw affects releases prior to the fixed 8-202212 build and can be exploited remotely. There are no workarounds, so administrators are advised to upgrade to a fixed release. Cisco has not yet observed any public exploitation attempts.
Key takeaways:
1. Cisco has fixed a critical security vulnerability (CVE-2024-20419) that allows attackers to change any user’s password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers.
2. The vulnerability also impacts SSM On-Prem installations earlier than Release 7.0, known as Cisco Smart Software Manager Satellite (SSM Satellite).
3. SSM On-Prem is a Cisco Smart Licensing component that assists service providers and Cisco partners in managing customer accounts and product licenses.
4. The security flaw is an unverified password change weakness (CWE-620) in SSM On-Prem's authentication system: the password-change process does not confirm who is requesting the change, so an unauthenticated, remote attacker can set a new password for a user without knowing the original credentials.
5. To secure vulnerable servers, all admins must upgrade to a fixed release (8-202212 or later; Release 9 is not affected), as no workarounds are available.
6. No evidence of public proof of concept exploits or exploitation attempts targeting this vulnerability has been found by Cisco’s Product Security Incident Response Team (PSIRT).
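The following is an added, generic illustration of the weakness class named in point 4 (an unverified password change, CWE-620) next to a hardened handler. It is not Cisco code, and the page does not describe how SSM On-Prem actually implemented its password-change process, so nothing here models that product; the `UserStore`, `Session` and both `change_password_*` functions are constructed for this example only.

```python
"""Generic CWE-620 (unverified password change) illustration beside a hardened
version. Toy in-memory store built for this example; not Cisco code and not a
model of SSM On-Prem internals."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Iteration count kept low so the demo runs quickly; production systems should
# use a far higher count or a memory-hard KDF such as Argon2 or scrypt.
_ITERATIONS = 20_000


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, _ITERATIONS)


class UserStore:
    """Minimal salted-hash credential store (constructed for this example)."""

    def __init__(self) -> None:
        self._users: dict[str, tuple[bytes, bytes]] = {}

    def add_user(self, username: str, password: str) -> None:
        self.set_password(username, password)

    def has_user(self, username: str) -> bool:
        return username in self._users

    def set_password(self, username: str, new_password: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, _hash_password(new_password, salt))

    def verify(self, username: str, password: str) -> bool:
        record = self._users.get(username)
        if record is None:
            return False
        salt, stored = record
        # Constant-time comparison so the check does not leak via timing.
        return hmac.compare_digest(stored, _hash_password(password, salt))


@dataclass
class Session:
    """The authenticated caller; a None session means an anonymous request."""
    username: str
    authenticated: bool = True


def change_password_vulnerable(store: UserStore, target: str, new_password: str) -> bool:
    """CWE-620 pattern: the handler trusts the caller-supplied username and never
    establishes who is calling or whether they know the current password, so
    anyone who can reach the endpoint can reset any account."""
    if not store.has_user(target):
        return False
    store.set_password(target, new_password)
    return True


def change_password_hardened(store: UserStore, session: Optional[Session], target: str,
                             current_password: str, new_password: str) -> bool:
    """Same operation with the checks an unauthenticated reset must fail."""
    # 1. The caller must be authenticated at all.
    if session is None or not session.authenticated:
        return False
    # 2. A self-service change may only touch the caller's own account;
    #    administrative resets belong on a separate, audited path.
    if session.username != target:
        return False
    # 3. The caller must prove knowledge of the current password.
    if not store.verify(target, current_password):
        return False
    store.set_password(target, new_password)
    return True


def demo() -> dict[str, bool]:
    """Exercise both handlers as an anonymous attacker and as the real user."""
    results: dict[str, bool] = {}
    store = UserStore()
    store.add_user("admin", "Correct-Horse-Battery")
    # Anonymous attacker resets 'admin' through the vulnerable handler.
    results["vuln_reset_accepted"] = change_password_vulnerable(store, "admin", "attacker")
    results["vuln_attacker_can_log_in"] = store.verify("admin", "attacker")

    store = UserStore()
    store.add_user("admin", "Correct-Horse-Battery")
    # Same attempt against the hardened handler: no session, no current password.
    results["hard_unauth_rejected"] = not change_password_hardened(store, None, "admin", "", "attacker")
    # Authenticated as a different user: still rejected.
    results["hard_other_user_rejected"] = not change_password_hardened(
        store, Session("guest"), "admin", "", "attacker")
    # The legitimate user, who knows the current password, succeeds.
    results["hard_self_accepted"] = change_password_hardened(
        store, Session("admin"), "admin", "Correct-Horse-Battery", "New-Secret-2024")
    results["hard_new_password_works"] = store.verify("admin", "New-Secret-2024")
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The three checks in the hardened handler are independent: dropping the first reproduces the class of flaw described in the advisory (an anonymous caller resetting an arbitrary account), while dropping the second or third still leaves an authenticated user able to take over other accounts or to hijack a session without knowing the password.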
In addition to this, it’s noted that earlier this month, Cisco patched an NX-OS zero-day (CVE-2024-20399) and in April, warned of a state-backed hacking group exploiting other zero-day bugs (CVE-2024-20353 and CVE-2024-20359) against Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls.