Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in Cisco Smart Software Manager (SSM) On-Prem
Alerts

Critical Vulnerability in Cisco Smart Software Manager (SSM) On-Prem

19 July 2024

Cisco has released security updates to address a critical vulnerability (CVE-2024-20419) in their Cisco Smart Software Manager (SSM) On-Prem product. The vulnerability has a maximum Common Vulnerability Scoring System (CVSSv3) score of 10 out of 10.

Successful exploitation of the vulnerability, which is caused by the improper implementation of the password-change process, could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.

The vulnerability affects Cisco SSM On-Prem versions 8-202206 and earlier, and all versions of its predecessor Cisco SSM Satellite.

Users and administrators of the affected product versions are advised to update to the latest version immediately.

More information is available here: 

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy 

https://thehackernews.com/2024/07/cisco-warns-of-critical-flaw-affecting.html 

https://www.bleepingcomputer.com/news/security/cisco-ssm-on-prem-bug-lets-hackers-change-any-users-password/ 

Back to top