Cisco has recently addressed a significant security flaw in its Smart Software Manager On-Prem (Cisco SSM On-Prem), releasing patches to mitigate the risk posed by this vulnerability. The flaw, identified as CVE-2024-20419, has a maximum severity rating with a CVSS score of 10.0, indicating its potential for severe impact if exploited.
Understanding the Vulnerability
The core issue, as outlined by Cisco, stems from an improper implementation of the password-change process. This flaw can be exploited by a remote, unauthenticated attacker who can send crafted HTTP requests to an affected device. Successfully exploiting this vulnerability allows the attacker to change the password of any user account, including administrative accounts. Consequently, this would grant them access to the web UI or API with the same privileges as the compromised user.
Cisco’s advisory on this vulnerability highlights the critical nature of the issue: “An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.”
Impacted Versions and Mitigation
The vulnerability affects Cisco SSM On-Prem versions 8-202206 and earlier. The company has issued a fix in version 8-202212, and it is important to note that version 9 is not susceptible to this flaw. Cisco strongly recommends that users of affected versions update to the latest patched version to mitigate any potential risks.
There are no known workarounds for this vulnerability, making the application of the provided patches critical. Despite the severity, Cisco has confirmed that there are currently no reports of malicious exploitation of this vulnerability in the wild. The discovery and reporting of the flaw have been credited to security researcher Mohammed Adel.
Broader Security Context
This disclosure from Cisco coincides with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) adding three additional vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities have been included based on evidence of active exploitation, underscoring the ongoing need for vigilance in cybersecurity.
CVE-2024-34102: This vulnerability, with a CVSS score of 9.8, affects Adobe Commerce and Magento Open Source. It is an improper restriction of XML External Entity Reference (XXE) vulnerability. Also known as CosmicSting, it results from improper handling of nested deserialization, potentially allowing attackers to achieve remote code execution. A proof-of-concept (PoC) exploit for this flaw was released by Assetnote in late June.
CVE-2024-28995: This directory traversal vulnerability in SolarWinds Serv-U, which has a CVSS score of 8.6, could enable attackers to access sensitive files on the host machine. GreyNoise has reported exploitation attempts that include efforts to read critical files like /etc/passwd.
CVE-2022-22948: Although an older flaw with a CVSS score of 6.5, this VMware vCenter Server vulnerability involves incorrect default file permissions. Its exploitation has been attributed to a China-nexus cyber espionage group known as UNC3886, noted for leveraging zero-day flaws in various appliances, including those from Fortinet, Ivanti, and VMware.
Mandatory Actions for Federal Agencies
In response to these threats, CISA has mandated that federal agencies apply the necessary mitigations as per vendor instructions by August 7, 2024. This directive is part of a broader effort to secure federal networks against these active threats, emphasizing the importance of timely patching and updating of vulnerable systems.
Conclusion
The discovery of the CVE-2024-20419 vulnerability in Cisco SSM On-Prem and the subsequent addition of new entries to the CISA KEV catalog highlight the ever-present and evolving nature of cybersecurity threats. Organizations using affected Cisco software are urged to apply the latest patches without delay to protect their systems from potential exploitation. Additionally, staying informed about vulnerabilities and actively participating in mitigation efforts are crucial steps in maintaining robust cybersecurity defenses.
As cybersecurity threats continue to evolve, proactive measures and timely responses to vulnerabilities are essential to safeguarding sensitive information and maintaining the integrity of critical infrastructure.
Follow us on (Twitter) for real time updates and exclusive content.
Interesting Article : BeaverTail Reborn: North Korean Hackers Update Malware to Target macOS Users
Pingback: Massive $230 Million Crypto Heist: WazirX Exchange Hit by Security Breach