Cisco Smart Software Manager Flaw Let Attackers Change Any User Passwords
Cisco has disclosed a critical vulnerability in its Smart Software Manager On-Prem (SSM On-Prem) that allows unauthenticated, remote attackers to change the password of any user, including administrative users. The flaw, tracked as CVE-2024-20419, has been assigned the maximum severity rating of 10.
The vulnerability arises from an improper implementation of the password-change process in the Cisco SSM On-Prem authentication system.
Attackers can exploit this flaw by sending specially crafted HTTP requests to an affected device. A successful exploit would allow the attacker to gain access to the web UI or API with the privileges of the compromised user, potentially leading to unauthorized administrative control over the device.
Affected Products
The vulnerability impacts:
- Cisco SSM On-Prem
- Cisco Smart Software Manager Satellite (SSM Satellite)
Cisco SSM Satellite has been renamed Cisco Smart Software Manager On-Prem. For releases earlier than Release 7.0, the product was known as Cisco SSM Satellite; as of Release 7.0, it is known as Cisco SSM On-Prem.
Fixed Software
Cisco has released software updates to address this vulnerability. The fixed releases are as follows:
| Cisco SSM On-Prem Release | First Fixed Release |
|---|---|
| 8-202206 and earlier | 8-202212 |
| 9 | Not vulnerable |
Customers are advised to upgrade to an appropriate fixed software release to secure their systems.
There are no workarounds available for this vulnerability. Cisco recommends that all administrators upgrade to the fixed software to mitigate the risk.
As of now, there have been no public announcements or evidence of malicious exploitation of this vulnerability. Cisco's Product Security Incident Response Team (PSIRT) continues to monitor the situation.
Customers with service contracts should obtain security fixes through their usual update channels. Those without service contracts can contact the Cisco Technical Assistance Center (TAC) for help in obtaining the necessary updates.
Check the Cisco Smart Software Manager On-Prem Version
- Access the Admin Portal:
Open a web browser and enter the IP address of your Cisco SSM On-Prem server followed by the port number. For example, if the IP address is 172.16.0.1, enter: `https://172.16.0.1:8443/admin`
- Log In:
Log into the admin portal using your administrative credentials.
- Locate the System Health Section:
Once logged in, navigate to the "System Health" section of the admin portal. This section typically displays the current software release version of your Cisco SSM On-Prem installation.
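Once the release string has been read from System Health, the remaining step is to compare it against the fixed-release table above, which is tedious to do by hand across a fleet. The following Python script is an added example (not Cisco's code or tooling) that encodes the table from the advisory and classifies release strings of the form `8-202206` or `9`. The hostnames and inventory entries are constructed for illustration, and the script assumes that "8-202206 and earlier" also covers older release trains such as 7.x; that reading is marked in a comment.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed-release table as published in the advisory text:
# release train 8 is fixed from 8-202212 onward; train 9 is not affected.
FIRST_FIXED: Dict[int, str] = {8: "8-202212"}
NOT_VULNERABLE_TRAINS = {9}

# Release strings look like "8-202206" (train-YYYYMM) or a bare train number such as "9".
RELEASE_RE = re.compile(r"^(\d+)(?:-(\d{6}))?$")


def parse_release(release: str) -> Tuple[int, Optional[int]]:
    """Split an SSM On-Prem release string into (train, build); build is None when absent."""
    m = RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised release string: {release!r}")
    train = int(m.group(1))
    build = int(m.group(2)) if m.group(2) else None
    return train, build


def assess_release(release: str) -> str:
    """Return 'not_vulnerable', 'fixed', 'vulnerable' or 'unknown' for a release string."""
    train, build = parse_release(release)
    if train in NOT_VULNERABLE_TRAINS:
        return "not_vulnerable"
    if train in FIRST_FIXED:
        _, fixed_build = parse_release(FIRST_FIXED[train])
        if build is None:
            return "unknown"  # a bare "8" carries no build date to compare against
        return "fixed" if build >= fixed_build else "vulnerable"
    if train < min(FIRST_FIXED):
        # Assumption: "8-202206 and earlier" is read to include older trains (e.g. 7.x).
        return "vulnerable"
    return "unknown"


def remediation(release: str) -> str:
    """Human-readable action for a given release, based on the advisory's table."""
    status = assess_release(release)
    if status == "vulnerable":
        return f"{release}: affected by CVE-2024-20419, upgrade to {FIRST_FIXED[8]} or later"
    if status == "fixed":
        return f"{release}: at or past the first fixed release, no action required"
    if status == "not_vulnerable":
        return f"{release}: release train not affected"
    return f"{release}: cannot determine status, confirm the release in System Health"


def assess_inventory(inventory: List[Tuple[str, str]]) -> Dict[str, str]:
    """Map hostname -> status for (hostname, release) pairs taken from an asset list."""
    return {host: assess_release(rel) for host, rel in inventory}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and releases are invented for illustration.
    sample = [
        ("ssm-onprem-01.example.test", "8-202206"),
        ("ssm-onprem-02.example.test", "8-202212"),
        ("ssm-onprem-03.example.test", "9"),
    ]
    for host, rel in sample:
        print(host, "->", remediation(rel))
```

Feed `assess_inventory` the (hostname, release) pairs from your asset register and treat every `vulnerable` or `unknown` result as a host to verify and upgrade, since the advisory offers no workaround.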
Source credit: cybersecuritynews.com