CVE-2024-20419

CVSS 3.1 Score 10.0 of 10 (high)

Details

Published Jul 17, 2024
Updated: Aug 13, 2024
CWE ID 620

Summary

CVE-2024-20419 is a newly disclosed vulnerability affecting Cisco Smart Software Manager On-Prem (SSM On-Prem). The flaw lies in the authentication system: an unauthenticated, remote attacker can change the password of any user, including administrative users. It arises from an improper implementation of the password-change process. An adversary can exploit it by sending crafted HTTP requests to an affected device, potentially gaining access to the web UI or API with the privileges of the compromised user.


Affected Products

  • Cisco Smart Software Manager On-Prem

Affected Vendors

  • Cisco Systems Inc