Cisco alerts public to serious security flaw in SSM On-Prem


On July 18, 2024, Cisco alerted the public to a considerable security flaw in its Smart Software Manager On-Prem (Cisco SSM On-Prem) product, a system designed for remote management of user licenses. Identified as CVE-2024-20419, this flaw allows attackers to alter any user’s password remotely, including administrator passwords, without authentication.

The company suggested that this vulnerability potentially puts organizations at risk, possibly revealing sensitive user license details and enabling unauthorized remote access. Given the severity score of 9.8/10, this is seen as a pressing matter and needs immediate attention. Cisco is currently working on a patch and advises users to monitor Cisco SSM On-Prem systems for any anomalies.

The flaw was discovered to be a result of an improperly configured password change mechanism. Attackers could exploit this by sending custom HTTP requests to vulnerable devices, allowing them the same privileges as the affected account. This access could then be used to change passwords, delete data, or even launch attacks within the network.

In response to the discovery, an immediate investigation was launched, leading to the development of a patch to address the issue. No exploitation of this flaw has been reported, but the potential damage it could cause makes it a matter of high concern. Users are encouraged to change passwords regularly and closely monitor their accounts for any suspicious activity.

The security flaw affects versions 8-202206 and previous versions of Cisco SSM On-Prem.

Addressing Cisco SSM On-Prem’s critical flaw

The company confirmed that it was fixed in version 8-202212, while version 9 remains unaffected. An official patch has been released, with the ultimate goal of enhancing security and performance in the SSM On-Prem software. Cisco encourages customers to apply this patch promptly to avoid potential exploitation of the flaw.

Mohammed Adel, a security researcher, was acknowledged for his instrumental role in identifying and reporting the bug. His diligent work and invaluable contribution to cybersecurity have undoubtedly helped make digital environments safer. As per Adel’s insightful suggestions, Cisco enhanced its security features.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also identified three additional active vulnerability threats—Adobe Commerce and Magento Open Source (CVE-2024-34102), path traversal in SolarWinds Serv-U, and a file permission issue with the VMware vCenter Server system. Immediate action is urged for businesses and individuals who utilize these systems.

In relation to these threats, the China-based cyber espionage group, UNC3886, is known for exploiting vulnerabilities in Ivanti, Fortinet, and VMware systems. Consequently, federal organizations have been mandated to implement specific mitigation tactics by August 7, 2024, to secure their network systems. This issue highlights the importance of vigilance in cybersecurity, not only in rectifying specific vulnerabilities but in an overarching, holistic approach to security.
