Cisco warns that exploit code is now available for a maximum-severity vulnerability that lets attackers change any user password on unpatched Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers.
As a Cisco Smart Licensing component, Cisco SSM On-Prem helps manage accounts and product licenses in an organization's environment using a dedicated dashboard on the local network.
"The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory," the company warned on Wednesday.
However, Cisco has yet to find evidence of attackers exploiting this security flaw (tracked as CVE-2024-20419) in the wild.
CVE-2024-20419 is caused by an unverified password change weakness in SSM On-Prem's authentication system. This weakness lets unauthenticated attackers remotely change any user password (including those used for administrator accounts) without knowing the original credentials.
"This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device," Cisco explained in July when it released security updates to address the flaw.
"A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user."
No workarounds are available for impacted systems, and all admins must upgrade to a fixed release to secure vulnerable SSM On-Prem servers.
Last month, Cisco also patched a critical vulnerability that allows attackers to add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments, and fixed an NX-OS zero-day (CVE-2024-20399) that had been exploited in the wild since April to install previously unknown malware as root on vulnerable MDS and Nexus switches.
Today, CISA warned admins to disable the legacy Cisco Smart Install feature after seeing it abused in recent attacks to steal sensitive data like system configuration files.