CVERadar

CVE-2024-20419

Medium Severity
SVRS: 30/100
CVSSv3: 10.0/10
EPSS: 0.89935/1

CVE-2024-20419 allows remote attackers to change passwords on Cisco Smart Software Manager On-Prem. This vulnerability stems from improper password change implementation, permitting unauthorized access and control. An attacker can exploit this by sending crafted HTTP requests.

This critical flaw in Cisco's SSM On-Prem authentication lets attackers compromise user accounts. Despite a CVSS score of 10, the SOCRadar Vulnerability Risk Score (SVRS) is 30, indicating a moderate risk level for now. However, given the existence of active exploits, the risk may change rapidly. Exploiting this flaw enables attackers to gain unauthorized access to the web UI and API, potentially escalating privileges. Immediate patching and security audits are strongly advised.

In The Wild
Exploit Available
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2024-07-17

2025-02-13
SOCRadar AI Insight

Description:

CVE-2024-20419 is a critical vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) that allows an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process.

Key Insights:

  • High Severity: The CVSS score of 10 indicates that this vulnerability is highly severe and requires immediate attention.
  • SVRS Score: The SOCRadar Vulnerability Risk Score (SVRS) of 36 highlights the urgency of this threat, as a score above 80 signifies a critical vulnerability.
  • Active Exploitation: This vulnerability is actively exploited in the wild, making it a significant threat to organizations using Cisco SSM On-Prem.

Mitigation Strategies:

  • Apply Software Updates: Install the latest software updates from Cisco to patch the vulnerability.
  • Enable Two-Factor Authentication: Implement two-factor authentication for all user accounts to prevent unauthorized access.
  • Monitor Network Traffic: Monitor network traffic for suspicious activity and block any attempts to exploit the vulnerability.
  • Restrict Access: Limit access to the web UI and API to only authorized users.

Additional Information:

  • Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
  • Exploit Status: Active exploits have been published.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of this vulnerability, calling for immediate and necessary measures.


Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
codeb0ss/CVE-2024-20419-PoC | https://github.com/codeb0ss/CVE-2024-20419-PoC | 2024-09-05
Cisco Smart Software Manager On-Prem 8-202206 - Account Takeover | | 2025-04-10

News

ISC StormCast for Thursday, July 18th, 2024
Dr. Johannes B. Ullrich, 2024-07-18
ISC StormCast for Thursday, July 18th, 2024 | Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. AndroxGh0st; Cisco SSM Vuln; Cisco Email Gateway Vuln; MSFT Checkpoint Updates; GeoServer Patch; Who You Gonna Call: Androx Gh0st Busters! https://isc.sans.edu/diary/Who%20You%20Gonna%20Call%3F%20AndroxGh0st%20Busters!%20%5BGuest%20Diary%5D/31086 Cisco Smart Software Manager Vulnerability CVE-2024-20419 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy Critical Security Flaw in Cisco Secure Email Gateway: CVE-2024-20401 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH
sans.edu
Cisco warns of backdoor admin account in Smart Licensing Utility - BleepingComputer
2024-09-04
Cisco warns of backdoor admin account in Smart Licensing Utility - BleepingComputer | News Content: Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges. CSLU is a Windows application that helps manage licenses and linked products on-premises without connecting them to Cisco's cloud-based Smart Software Manager solution. The company says this critical vulnerability (CVE-2024-20439) allows unauthenticated attackers to log into unpatched systems remotely using an "undocumented static user credential for an administrative account." "A successful exploit could allow the attacker to
google.com
Cisco warns of backdoor admin account in Smart Licensing Utility - BleepingComputer
2024-09-04
Cisco warns of backdoor admin account in Smart Licensing Utility - BleepingComputer | News Content: By Sergiu Gatlan 12:58 PM Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges. CSLU is a Windows application that helps manage licenses and linked products on-premises without connecting them to Cisco's cloud-based Smart Software Manager solution. The company says this critical vulnerability (CVE-2024-20439) allows unauthenticated attackers to log into unpatched systems remotely using an "undocumented static user credential for an administrative account." "A successful
google.com
Metasploit Weekly Wrap-Up 09/27/2024
Christophe De La Fuente, 2024-09-27
Metasploit Weekly Wrap-Up 09/27/2024 | This week's release includes 5 new modules, 6 enhancements, 4 fixes and 1 documentation update. Thank you to all the contributors who made it possible! Epic Release! This week's release includes 5 new modules, 6 enhancements, 4 fixes and 1 documentation update. Among the new additions, we have an account take over, SQL injection, RCE, and LPE! Thank you to all the contributors
rapid7.com
Active exploitation of Cisco Smart Install underway - SC Media
2024-08-12
Active exploitation of Cisco Smart Install underway - SC Media | News Content: SecurityWeek reports that organizations have been warned by the Cybersecurity and Infrastructure Security Agency regarding ongoing attacks targeting misconfigured Cisco network devices with the Smart Install functionality. More than 6,000 IPs with Cisco SMI were observed by the Shadowserver Foundation to have been exposed to the internet, with CISA noting that exploitation has been made easier by the prevalence of weak passwords in such devices. "Once access is gained a threat actor would be able to access system configuration files easily. Access to these configuration files and system
google.com
Cisco Smart Software Manager On-Prem Password Change Vulnerability
2024-08-08
Cisco Smart Software Manager On-Prem Password Change Vulnerability | A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.
cve-2024-20419
Data Breaches Digest - Week 29 2024
Dunkie ([email protected]), 2024-07-15
Data Breaches Digest - Week 29 2024 | Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 15th July and 21st July 2024. 21st July
dbdigest.com

Social Media

Our latest @metasploit weekly wrap-up details multiple new modules including an account takeover vulnerability in Cisco Smart Software Manager (SSM) On-Prem <= 8-202206 (CVE-2024-20419) more details here: https://t.co/q8myze8QAd #infosec #cybersecurity
#Vulnerability #CiscoSSMOnPrem Cisco Warns of Public PoC Exploit Code of Critical CVE-2024-20419 (CVSS 10) Flaw https://t.co/QZAKj7uZk4
Actively exploited CVE : CVE-2024-20419
Cisco SSM On-Prem; Account Takeover (CVE-2024-20419) https://t.co/oqg9qjH4Wu #Pentesting #CVE #CyberSecurity #Infosec https://t.co/CU6PZTTb4q
CVE-2024-20419: Cisco Smart Software Manager On-Prem Password Change Vulnerability https://t.co/FtFXrtQEAQ https://t.co/UrdJuY4OWf
CVE-2024-20419: Cisco Smart Software Manager On-Prem Password Change Vulnerability https://t.co/dsyywiJFYp https://t.co/zTdetdSU12
CVE-2024-20419: Cisco Smart Software Manager On-Prem Password Change Vulnerability https://t.co/4ekN3RjchS https://t.co/N48dbiWn3z
CVE-2024-20419: Cisco Smart Software Manager On-Prem Password Change Vulnerability https://t.co/PKA2eAYO5z https://t.co/m6dIaDvJCY
PoC Exploit Releases for Cisco SSM On-Prem Account Takeover (CVE-2024-20419) Flaw https://t.co/ghqL9k09bE
CVE-2024-20419: Cisco Smart Software Manager On-Prem Password Change Vulnerability https://t.co/aE5elfATsp https://t.co/QmeJqumO62

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy
[email protected] | https://www.secpod.com/blog/critical-flaw-in-ciscos-secure-email-gateways-allows-attackers-to-control-the-device-completely/
CISCO-SA-CSSM-AUTH-SLW3UHUY | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy
GITHUB | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy

CWE Details

CWE ID | CWE Name | Description
CWE-620 | Unverified Password Change | When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.
