Critical Cisco Vulnerability Allows Remote Password Changes
A flaw in Cisco Smart Software Manager On-Prem lets unauthenticated attackers change any user's password.
- The vulnerability, CVE-2024-20419, has a maximum CVSS score of 10, indicating severe risk.
- Attackers can exploit the flaw by sending crafted HTTP requests, which gives them admin-level access.
- No workarounds exist; affected systems must be patched immediately to mitigate risk.
- Cisco has not observed active exploitation yet, but the potential impact is significant.
- The bug affects both SSM On-Prem and SSM Satellite versions before release 9.