Cisco SSM On-Prem bug lets hackers change any user’s password

Teilen:

Cisco has fixed a maximum severity vulnerability that allows attackers to change any user’s password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators.

The flaw also impacts SSM On-Prem installations earlier than Release 7.0, known as Cisco Smart Software Manager Satellite (SSM Satellite).

As a Cisco Smart Licensing component, SSM On-Prem assists service providers and Cisco partners in managing customer accounts and product licenses.

Tracked as CVE-2024-20419, this critical security flaw is caused by an unverified password change weakness in SSM On-Prem’s authentication system. Successful exploitation enables unauthenticated, remote attackers to set new user passwords without knowing the original credentials.

“This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device,” Cisco explained.

“A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.”

The company says that no workarounds are available for systems impacted by this security flaw, and all admins must upgrade to a fixed release to secure vulnerable servers in their environment.

Cisco’s Product Security Incident Response Team (PSIRT) has yet to find evidence of public proof of concept exploits or exploitation attempts targeting this vulnerability.

Earlier this month, the company patched an NX-OS zero-day (CVE-2024-20399) that had been exploited to install previously unknown malware as root on vulnerable MDS and Nexus switches since April.

In April, Cisco also warned that a state-backed hacking group (tracked as UAT4356 and STORM-1849) had been exploiting two other zero-day bugs (CVE-2024-20353 and CVE-2024-20359).

Since November 2023, attackers have used the two bugs against Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls in a campaign dubbed ArcaneDoor, targeting government networks worldwide.

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
2:59 am, Juli 11, 2025
Wetter-Symbol 19°C
L: 17° | H: 19°
broken clouds
Luftfeuchtigkeit: 78 %
Druck: 1021 mb
Wind: 5 mph E
Windböe: 0 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 60%
Regen Chance: 0%
Sichtbarkeit: 10 km
Sonnenaufgang: 4:56 am
Sonnenuntergang: 9:15 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Today 10:00 pm
Wetter-Symbol
17° | 19°°C 0 mm 0% 8 mph 78 % 1021 mb 0 mm/h
Tomorrow 10:00 pm
Wetter-Symbol
19° | 30°°C 0 mm 0% 10 mph 66 % 1019 mb 0 mm/h
So. Juli 13 10:00 pm
Wetter-Symbol
18° | 30°°C 0 mm 0% 7 mph 71 % 1015 mb 0 mm/h
Mo. Juli 14 10:00 pm
Wetter-Symbol
18° | 28°°C 1 mm 100% 15 mph 84 % 1016 mb 0 mm/h
Di. Juli 15 10:00 pm
Wetter-Symbol
14° | 20°°C 1 mm 100% 14 mph 81 % 1017 mb 0 mm/h
Today 4:00 am
Wetter-Symbol
16° | 19°°C 0 mm 0% 3 mph 78 % 1021 mb 0 mm/h
Today 7:00 am
Wetter-Symbol
19° | 19°°C 0 mm 0% 2 mph 74 % 1021 mb 0 mm/h
Today 10:00 am
Wetter-Symbol
24° | 27°°C 0 mm 0% 2 mph 56 % 1021 mb 0 mm/h
Today 1:00 pm
Wetter-Symbol
30° | 30°°C 0 mm 0% 3 mph 32 % 1020 mb 0 mm/h
Today 4:00 pm
Wetter-Symbol
32° | 32°°C 0 mm 0% 4 mph 26 % 1018 mb 0 mm/h
Today 7:00 pm
Wetter-Symbol
30° | 30°°C 0 mm 0% 6 mph 29 % 1017 mb 0 mm/h
Today 10:00 pm
Wetter-Symbol
23° | 23°°C 0 mm 0% 8 mph 49 % 1019 mb 0 mm/h
Tomorrow 1:00 am
Wetter-Symbol
21° | 21°°C 0 mm 0% 5 mph 57 % 1019 mb 0 mm/h
Name Preis24H (%)
Bitcoin(BTC)
€99,149.63
4.27%
Ethereum(ETH)
€2,520.58
6.29%
Fesseln(USDT)
€0.85
-0.02%
XRP(XRP)
€2.18
5.12%
Solana(SOL)
€140.57
4.47%
USDC(USDC)
€0.85
0.00%
Dogecoin(DOGE)
€0.167253
8.32%
Shiba Inu(SHIB)
€0.000011
8.15%
Pepe(PEPE)
€0.000010
13.18%
Peanut das Eichhörnchen(PNUT)
€0.245548
22.13%
Nach oben scrollen