Smart Software Manager On-Prem

2024: A hole in the platform has allowed any system users to change passwords for years

On July 17, 2024, Cisco announced the discovery of a critical vulnerability in its Smart Software Manager On-Prem (SSM On-Prem) system. This hole, which received the maximum hazard rating, allowed any users to change passwords for years.

Flaw (CVE-2024-20419) received a CVSS score of 10.0. To exploit it, it is enough for a cybercriminal to send an HTTP request formed in a special way to the device. After that, an attacker can gain access to a web interface or API with the privileges of a compromised user. The situation is aggravated by the fact that there are no workarounds to solve the problem.

𝓲

Bloomberg

A vulnerability in the Cisco SSM On-Prem authentication system allows an unauthenticated remote attacker to change the password of any user, including users with administrator rights, according to an official notification from an American developer.

The vulnerability is present in Cisco SSM On-Prem version 8-202206 and earlier product modifications. In addition, the problem applies to the Cisco Smart Software Manager Satellite (SSM Satellite) - this was the name of the solution before Release 7.0.

The network equipment manufacturer also fixed a critical file write vulnerability in Secure Email Gateway (CVE-2024-20401 CVSS score: 9.8). This hole allows attackers to add new users with root privileges and disable devices by sending emails with malicious attachments. The vulnerability is related to incorrect processing of email attachments when file analysis and activated content filters are enabled. Cisco has released updates for both holes - it is highly recommended to download them as soon as possible.^[1]

Notes