Detections
Analytics
Cisco Smart Software Manager On-Prem Password Change (cisco-sa-cssm-auth-sLw3uhUy)
critical Nessus Plugin ID 205336
Language:
Synopsis
The remote device is missing a vendor-supplied security patch.Description
According to its self-reported version, Cisco Smart Software Manager On-Prem Password Change is affected by a vulnerability.- A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.
(CVE-2024-20419)
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Solution
Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwk21399See Also
Plugin Details
Severity: Critical
ID: 205336
File Name: cisco-sa-cssm-auth-sLw3uhUy.nasl
Version: 1.2
Type: combined
Family: CISCO
Published: 8/9/2024
Updated: 8/12/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.2
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2024-20419
CVSS v3
Risk Factor: Critical
Base Score: 10
Temporal Score: 9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:cisco:smart_software_manager_on-prem
Required KB Items: Cisco Smart Software Manager On-Prem
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 7/17/2024
Vulnerability Publication Date: 7/17/2024
Reference Information
CVE: CVE-2024-20419