Maximum severity vulnerability (CVE-2024-20419) found in Cisco SSM On-Prem license servers


A maximum severity vulnerability in Cisco SSM On-Prem license servers allows an unauthenticated, remote attacker to change the password of any user, including accounts with admin-level authorization.

The bug affects Cisco Smart Software Manager On-Prem release 8-202206 and earlier.

Cisco has already released a fix, but how many internet-exposed servers are still running a vulnerable release is not known.

Let us have a quick look at what the vulnerability is and the threat it poses.

What is Cisco SSM On-prem? 

Cisco Smart Software Manager On-Prem (SSM On-Prem) is an on-premises license server that gives Cisco partners and service providers the user interface and features they need to manage Smart Licensing for their customers. It provides real-time visibility into, and reporting on, all Cisco product licenses that customers have purchased and consumed.

It also lets Cisco partners and service providers manage their customers' virtual accounts from one place.

About the vulnerability 

The vulnerability is tracked as CVE-2024-20419 and carries the maximum CVSS base score of 10.0. Successful exploitation lets an attacker change the password of any user, including those with admin-level permissions, which is what makes it so dangerous.

According to Mohammed Adel, the security researcher who discovered it, the flaw stems from an improper implementation of the password-change process. An attacker could exploit it by sending crafted HTTP requests to an affected device. A successful exploit would let the attacker log in to the web UI or the API with the privileges of the account whose password was changed, including an administrator's, and carry out further attacks from there.
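To make the bug class concrete, the following constructed Python example (added here; it is not Cisco's code and does not reproduce the actual SSM On-Prem endpoint or request format) shows an unverified password-change handler next to a hardened one. The user store, the field names `username`, `current_password` and `new_password`, and the two sample accounts are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class User:
    name: str
    role: str
    salt: bytes
    pw_hash: bytes


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; the hashing scheme is incidental to the bug being shown.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def make_store() -> Dict[str, User]:
    """Constructed sample user store: one admin, one ordinary user (not real data)."""
    store: Dict[str, User] = {}
    for name, role, pw in (("admin", "admin", "Adm1n-initial"), ("alice", "user", "alice-initial")):
        salt = os.urandom(16)
        store[name] = User(name, role, salt, _hash(pw, salt))
    return store


def verify_login(store: Dict[str, User], name: str, password: str) -> bool:
    user = store.get(name)
    if user is None:
        return False
    return hmac.compare_digest(_hash(password, user.salt), user.pw_hash)


def change_password_vulnerable(store: Dict[str, User], body: dict) -> bool:
    """Unverified password change (the bug class): the handler trusts the
    'username' field in the request body and never checks whether the caller
    is authenticated or who the caller is. Anyone who can reach the endpoint
    can reset any account, the admin account included."""
    target = store.get(body.get("username", ""))
    if target is None:
        return False
    target.salt = os.urandom(16)
    target.pw_hash = _hash(body["new_password"], target.salt)
    return True


def change_password_fixed(store: Dict[str, User], session_user: Optional[str], body: dict) -> bool:
    """Hardened handler: requires an authenticated session, binds the target
    account to the session identity (no admin override is modelled here),
    and re-verifies the current password before accepting the change."""
    if session_user is None:
        return False                      # unauthenticated callers get nothing
    if body.get("username") != session_user:
        return False                      # a caller may only change its own password
    if not verify_login(store, session_user, body.get("current_password", "")):
        return False                      # proof of possession of the old secret
    target = store[session_user]
    target.salt = os.urandom(16)
    target.pw_hash = _hash(body["new_password"], target.salt)
    return True
```

The point of the comparison is the three checks the hardened handler adds: an authenticated session must exist, the account being changed must be the session's own, and the current password must be proven. Each one is a separate control; the vulnerable handler has none of them, so the crafted request needs nothing but a target username.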

SharkStriker’s recommendations and actions

The following are the recommendations and actions by SharkStriker: 

  • Threat researchers in SharkStriker's SOC team have scanned customer environments for indicators of compromise associated with exploitation of this vulnerability, based on current threat intelligence.
  • SharkStriker advises all customers and partners running Cisco SSM On-Prem license servers at release 8-202206 or earlier to update to the fixed release, 8-202212 (note: this flaw does not affect version 9).
  • Partners and customers can perform a one-stop check of their security posture through the dashboards on STRIEGO.
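The release boundaries above are easy to get wrong when triaging an inventory by hand (a `9-` release is newer than any `8-` release even though its build date may be older). The following Python helper is an added example, not SharkStriker's or Cisco's tooling: it parses the `MAJOR-YYYYMM` release strings used by SSM On-Prem 8.x, classifies them against the affected and fixed releases named in this post, and sorts a constructed inventory so hosts needing action come first. The host names and release values in `SAMPLE_INVENTORY` are made up for the illustration.

```python
import re
from typing import List, Optional, Tuple

# Release boundaries as stated in this post for CVE-2024-20419:
# 8-202206 and earlier are affected, 8-202212 is the fixed release, version 9 is not affected.
AFFECTED_MAX_BUILD = 202206
FIRST_FIXED_BUILD = 202212

# SSM On-Prem 8.x releases are named MAJOR-YYYYMM (e.g. 8-202206). Only that form is
# accepted; older or differently formatted strings are reported as unknown rather than guessed.
_RELEASE_RE = re.compile(r"^\s*(\d+)-(\d{6})\s*$")


def parse_release(version: str) -> Optional[Tuple[int, int]]:
    m = _RELEASE_RE.match(version)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def classify(version: str) -> str:
    """Return one of: 'affected', 'below-first-fixed', 'fixed', 'not-affected', 'unknown'."""
    rel = parse_release(version)
    if rel is None:
        return "unknown"
    major, build = rel
    if major >= 9:
        return "not-affected"            # the post: version 9 is not affected
    if major < 8 or build <= AFFECTED_MAX_BUILD:
        return "affected"                # "8-202206 and earlier"
    if build < FIRST_FIXED_BUILD:
        # 8.x builds after 202206 but before 202212 are not named in the post;
        # flag them so an operator checks Cisco's advisory instead of assuming.
        return "below-first-fixed"
    return "fixed"


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """(hostname, release) pairs -> (hostname, release, status), action items first."""
    order = {"affected": 0, "below-first-fixed": 1, "unknown": 2, "fixed": 3, "not-affected": 4}
    rows = [(host, ver, classify(ver)) for host, ver in inventory]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


SAMPLE_INVENTORY = [          # constructed sample data, not real hosts
    ("ssm-lab-1", "8-202206"),
    ("ssm-lab-2", "8-202212"),
    ("ssm-dc-1", "8-202112"),
    ("ssm-dc-2", "9-202402"),
    ("ssm-old", "7.0"),
]

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE_INVENTORY):
        print(f"{host:12} {ver:10} {status}")
```

Anything reported as `unknown` (such as a legacy `7.0`-style string) should be checked by hand rather than treated as safe; the classifier deliberately refuses to guess about release formats the post does not describe.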
