Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
High-Severity Cisco Bug Grants Attackers Password Access
The vulnerability was given the highest CVSS score possible, though few details have been released due to its severity.
1 Min Read
_designer491_alamy.jpg?width=1280&auto=webp&quality=95&format=jpg&disable=upscale "A blue sticky note with \"My password 123456\" written on it on a laptop keyboard")
Source: designer491 via Alamy Stock Photo
Cisco has released a patch for a maximum-severity vulnerability, tracked as CVE-2024-20419, that allows threat actors to change any user or admin password.
The vulnerability carries a CVSS rating of 10, however, the company has not released many details about the bug, likely due to how high risk it is.
The attack complexity was deemed low, as no privileges or user interaction is necessary to complete the action, but the impact on the product's integrity, availability, and confidentiality are all deemed high.
"An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device," Cisco said in a statement. "A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user."
This vulnerability affects SSM On-Prem and SSM Satellite. There are no workarounds for the vulnerability, so it's recommended that users apply patches for the bug as soon as possible.
Cisco has not released any additional information regarding this vulnerability in the wild or how many users have been potentially impacted. SSM On-Prem is primarily used by "financial institutions, utilities, service providers, and government organizations," according to the vendor, so organizations in these sectors should be especially wary.
About the Author
You May Also Like
More Insights
