Cisco SSM On-Prem bug lets hackers change any user’s password
Cisco has fixed a maximum severity vulnerability that allows attackers to change any user’s password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators.
The flaw also impacts SSM On-Prem installations earlier than Release 7.0, known as Cisco Smart Software Manager Satellite (SSM Satellite).
As a Cisco Smart Licensing component, SSM On-Prem assists service providers and Cisco partners in managing customer accounts and product licenses.
Tracked as CVE-2024-20419, this critical security flaw is caused by an unverified password change weakness in SSM On-Prem’s authentication system. Successful exploitation enables unauthenticated, remote attackers to set new user passwords without knowing the original credentials.
“This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device,” Cisco explained.
“A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.”
Cisco SSM On-Prem Release | First Fixed Release |
---|---|
8-202206 and earlier | 8-202212 |
9 | Not vulnerable |
The company says that no workarounds are available for systems impacted by this security flaw, and all admins must upgrade to a fixed release to secure vulnerable servers in their environment.
Cisco’s Product Security Incident Response Team (PSIRT) has yet to find evidence of public proof of concept exploits or exploitation attempts targeting this vulnerability.
Earlier this month, the company patched an NX-OS zero-day (CVE-2024-20399) that had been exploited to install previously unknown malware as root on vulnerable MDS and Nexus switches since April.
In April, Cisco also warned that a state-backed hacking group (tracked as UAT4356 and STORM-1849) had been exploiting two other zero-day bugs (CVE-2024-20353 and CVE-2024-20359).
Since November 2023, attackers have used the two bugs against Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls in a campaign dubbed ArcaneDoor, targeting government networks worldwide.