Cisco software flaw could have allowed hackers to change any passwords

Cisco Smart Software Manager On-Prem carried a 10/10 software flaw


Cisco has released a patch to fix a maximum-severity vulnerability found on the company’s Smart Software Manager On-Prem instances.

The networking giant added that there are no workarounds for the flaw, so users should patch immediately. The vulnerability could allow malicious actors to change the password of any user, administrators included, which could in some scenarios result in data theft and possibly even ransomware attacks.

The vulnerability is tracked as CVE-2024-20419 and has a “perfect” severity score of 10 out of 10.

Managing Cisco software licenses

“This vulnerability is due to improper implementation of the password-change process,” Cisco said in an advisory bulletin. “An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.”

The Cisco Smart Software Manager On-Prem (SSM On-Prem) is a solution enabling organizations to manage their Cisco software licenses and entitlements within their own network environment (as opposed to the cloud). It offers a centralized, on-premises system for administering Cisco Smart Licensing, which helps customers track and manage their software assets effectively.

In its writeup, Ars Technica said that it wasn’t entirely clear what hackers could do by abusing the flaw, and speculated that access to the web user interface and application programming interface could allow them to pivot to other Cisco devices connected to the same network. From there, they could steal data, run ransomware attacks, and similar.

So far, there is no evidence of the vulnerability being exploited in the wild.


Cisco is a popular networking gear manufacturer, which also makes it a major target for cyberattacks. In late April this year, unidentified, sophisticated threat actors, possibly affiliated with nation-states in the East, were found abusing two flaws in Cisco VPNs and firewalls, to drop malware used for espionage. Their targets included governments and critical infrastructure networks all around the world.

A month earlier, the company patched a high-severity flaw in one of its software products which could have been leveraged to open a VPN session with a target endpoint.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.