Maximum severity Cisco SSM On-Prem vulnerability addressed

BleepingComputer reports that patches have been issued by Cisco for a maximum severity flaw impacting its Smart Software Manager On-Prem license servers and older installations of SSM On-Prem, also known as Cisco Smart Software Manager Satellite. The vulnerability, tracked as CVE-2024-20419, could be exploited to facilitate web UI or API access and eventually allow the unauthenticated creation of new user passwords, according to Cisco. "This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device," said Cisco, which has not observed any active abuse of the flaw. Cisco's fixes come weeks after it addressed an NX-OS zero-day, tracked as CVE-2024-20399, leveraged in malware attacks against MDS and Nexus switches. Another pair of Cisco zero-days, tracked as CVE-2024-20353 and CVE-2024-20359, were also noted by the firm to have been leveraged in attacks by the China-linked threat operation Storm-1849, also known as UAT4356.