Cisco SSM On-Prem flaw allows hackers to change passwords

Cisco discovered a severe vulnerability in its Smart Software Manager On-Prem devices that poses a significant risk to users. The flaw, identified as CVE-2024-20419 with a severity rating of 10, allows remote attackers without authentication to change the passwords of any user, including administrators.

The Cisco Smart Software Manager On-Prem solution is essential for organisations that prefer to handle their Cisco licensing locally instead of relying on cloud-based alternatives. This on-site system offers a comprehensive interface for monitoring and managing all Cisco licenses deployed within a company’s infrastructure.

For businesses that require or favour direct, on-premises control over their licensing, this tool plays a crucial role in efficiently overseeing their network resources and software assets.

In a recent security bulletin, Cisco highlighted the gravity of the vulnerability. “This vulnerability is due to improper implementation of the password-change process,” the bulletin states.

Any malicious actor could exploit this weakness by sending specially designed HTTP requests to vulnerable devices. If successful, such an attack could allow unauthorised individuals to modify account credentials, potentially granting them improper access to the system’s web interface or API.

The level of access gained would depend on the privileges associated with the compromised account.

There’s no workaround for this flaw; users will have to apply patches.

The full extent of what an attacker can do after gaining administrative control over the device remains unclear. However, the potential for significant damage exists. With administrative access, an attacker could potentially:

  • Compromise other Cisco devices on the same network.
  • Steal sensitive data.
  • Encrypt files for ransom.
  • Execute further malicious activities across the network.

The lack of immediate workarounds to mitigate this threat heightens the urgency for affected organisations to apply the security update provided by Cisco.

To address this significant security issue, Cisco released a patched software version. While the company reports that there are no known instances of malicious actors exploiting this vulnerability, the potential risks are substantial.

Given the severity of the threat, Cisco strongly recommends that all users of affected systems apply the security update promptly to protect their infrastructure from possible attacks.

Recently, Chinese threat actors exploited Cisco switches to deliver malware. In April 2024, reports emerged that the state-sponsored cybercriminal group UAT4356 exploited Cisco’s zero-day flaw to plant spyware.

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
