Critical Flaw in Cisco Smart Software Manager Allows Attackers to Control the Device

A critical vulnerability in the Cisco Smart Software Manager On-Prem (SSM On-prem) authentication system that allowed unauthenticated, remote attackers to change the password of any user, including that of administrators, has been fixed.

The vulnerability, CVE-2024-20419, affects Cisco Smart Software Manager (SSM On-prem) and Cisco Manager Satellite (SSM Satellite). Both of these are the same products. Until the release of 7.0, SSM On-Prem software was called SSM Satellite.

Cisco has released software updates to address the vulnerability, as there are no workarounds.

The vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. If the exploit is successful, the attacker gets access to the web UI or API with the privileges of the compromised user.

Customers are strongly advised to upgrade to the fixed software release to ensure their Smart Software Manager On-Prem installations are secured against any exploitation.

SanerNow patch management is a continuous, automated, and integrated software that instantly fixes risks exploited in the wild. The software supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.

It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. SanerNow patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.

Experience the fastest and most accurate patching software here.