A vulnerability discovered in Cisco Software Manager could allow hackers to change passwords
Cisco’s Smart Software Manager On-Prem (SSM On-Prem) (https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/smart-software-manager-satellite/datasheet-c78-734539.html) has a critical vulnerability that allows unauthenticated, remote attackers to change user passwords, including those of administrative users.
💻 This high-level vulnerability, CVE-2024-20419 (https://nvd.nist.gov/vuln/detail/CVE-2024-20419), can be exploited by sending crafted HTTP requests to an affected device. A successful exploit gives the attacker the same privileges as the compromised user, which can lead to unauthorized access to sensitive information and system functions.
🔴 Cisco has released software updates to address this vulnerability (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy) and stressed that users should apply the security updates as soon as possible.
✅ UZCERT recommends that Cisco customers install the security updates released by Cisco (https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes) and regularly monitor Cisco’s security tips page.