Cisco warns that exploit code is now available for a maximum severity vulnerability that lets attackers change any user password on unpatched Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers.
As a Cisco Smart Licensing component, Cisco SSM On-Prem helps manage accounts and product licenses within an organization's environment using a dedicated dashboard on the local network.
"The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory," the company warned on Wednesday.
However, Cisco has yet to find evidence of attackers exploiting this security flaw (tracked as CVE-2024-20419) in the wild.
CVE-2024-20419 is caused by an unverified password change weakness in SSM On-Prem's authentication system. This weakness lets unauthenticated attackers remotely change any user password (including those used for administrator accounts) without knowing the original credentials.
"This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device," Cisco explained in July when it released security updates to address the flaw.
"A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user."
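The weakness class described above (an unverified password change) is easiest to see as a handler that replaces a credential without requiring proof of the current one. The following is an added illustration of that general pattern beside its hardened form; it is constructed example code, not Cisco's implementation, and the account store, usernames and passwords are made up.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # constructed value for the example


def set_password(store, username, password):
    """Store a fresh salt and PBKDF2-SHA256 hash for the account."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    store[username] = (salt, digest)


def make_store():
    """Constructed in-memory account store: username -> (salt, hash)."""
    store = {}
    set_password(store, "admin", "correct-horse")
    set_password(store, "auditor", "battery-staple")
    return store


def verify_password(store, username, password):
    """Check a credential; unknown users still hash and compare in constant time."""
    salt, digest = store.get(username, (b"\x00" * 16, b"\x00" * 32))
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return username in store and hmac.compare_digest(candidate, digest)


def change_password_unverified(store, username, new_password):
    """Unverified password change (the weakness class): any caller who names an
    existing account can replace its credential. Nothing in the request proves
    knowledge of the current password, so the check is missing, not just weak."""
    if username not in store:
        return False
    set_password(store, username, new_password)
    return True


def change_password_verified(store, username, current_password, new_password):
    """Hardened form: the current credential must be proven before it is replaced.
    A wrong current password leaves the stored credential untouched."""
    if not verify_password(store, username, current_password):
        return False
    set_password(store, username, new_password)
    return True
```

In a real service the verified form would additionally sit behind an authenticated session and rate limiting; the point here is only that the credential-replacing step itself must be gated on proof of the existing one.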
No workarounds are available for impacted systems, and all admins must upgrade to a fixed release to secure vulnerable SSM On-Prem servers.
Last month, Cisco also patched a critical vulnerability that allows attackers to add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments, and fixed an NX-OS zero-day (CVE-2024-20399) that had been exploited in the wild since April to install previously unknown malware as root on vulnerable MDS and Nexus switches.
Today, CISA warned admins to disable the legacy Cisco Smart Install feature after seeing it abused in recent attacks to steal sensitive data like system configuration files.