Cisco has mounted a most severity vulnerability that permits attackers to vary any person’s password on weak Cisco Sensible Software program Supervisor On-Prem (Cisco SSM On-Prem) license servers, together with directors.
The flaw additionally impacts SSM On-Prem installations sooner than Launch 7.0, referred to as Cisco Sensible Software program Supervisor Satellite tv for pc (SSM Satellite tv for pc).
As a Cisco Sensible Licensing part, SSM On-Prem assists service suppliers and Cisco companions in managing buyer accounts and product licenses.
Tracked as CVE-2024-20419, this essential security flaw is brought on by an unverified password change weak spot in SSM On-Prem’s authentication system. Profitable exploitation allows unauthenticated, distant attackers to set new person passwords with out understanding the unique credentials.
“This vulnerability is because of improper implementation of the password-change course of. An attacker might exploit this vulnerability by sending crafted HTTP requests to an affected system,” Cisco defined.
“A profitable exploit might enable an attacker to entry the net UI or API with the privileges of the compromised person.”
| Cisco SSM On-Prem Launch | First Mounted Launch |
|---|---|
| 8-202206 and earlier | 8-202212 |
| 9 | Not weak |
The corporate says that no workarounds can be found for programs impacted by this security flaw, and all admins should improve to a hard and fast launch to safe weak servers of their atmosphere.
Cisco’s Product Safety Incident Response Crew (PSIRT) has but to search out proof of public proof of idea exploits or exploitation makes an attempt concentrating on this vulnerability.
Earlier this month, the corporate patched an NX-OS zero-day (CVE-2024-20399) that had been exploited to put in beforehand unknown malware as root on weak MDS and Nexus switches since April.
In April, Cisco additionally warned {that a} state-backed hacking group (tracked as UAT4356 and STORM-1849) had been exploiting two different zero-day bugs (CVE-2024-20353 and CVE-2024-20359).
Since November 2023, attackers have used the 2 bugs in opposition to Adaptive Safety Equipment (ASA) and Firepower Risk Protection (FTD) firewalls in a marketing campaign dubbed ArcaneDoor, concentrating on authorities networks worldwide.
