Particle.news
Download on the App Store
3 ARTICLES
·
9mo ago

Critical Cisco Vulnerability Allows Remote Password Changes

A flaw in Cisco Smart Software Manager On-Prem enables attackers to alter any user's password without authentication.

Overview

  • The vulnerability, CVE-2024-20419, has a maximum CVSS score of 10, indicating severe risk.
  • Attackers can exploit the flaw by sending crafted HTTP requests, gaining admin-level access.
  • No workarounds exist; affected systems must be patched immediately to mitigate risk.
  • Cisco has not observed active exploitation yet, but the potential impact is significant.
  • The bug affects both SSM On-Prem and SSM Satellite versions before release 9.