Cisco SSM On-Prem bug allows change any user’s password

infosecbulletin Thursday , July 18 2024 Vulnerabilities

CISCO fixed a vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem). The vulnerability could allow an attacker without authentication to change the password of any user, even administrative users.

The problem is caused by not implementing the password-change process correctly. An attacker could take advantage of this by sending specific HTTP requests to a device. If successful, the attacker could access the web UI or API using the compromised user’s privileges.

The issue affects SSM On-Prem installations before Release 7.0, which is called Cisco Smart Software Manager Satellite (SSM Satellite).

“This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device,” Cisco explained.

Cisco’s Product Security Incident Response Team (PSIRT) has not found any evidence of public proof of concept exploits or exploitation attempts targeting this vulnerability.

No workarounds are available for systems affected by this security flaw. All administrators must upgrade to a fixed release in order to secure vulnerable servers in the environment.

Cisco warned in April about a state-sponsored hacking group called UAT4356 and STORM-1849. This group was exploiting two zero-day bugs, namely CVE-2024-20353 and CVE-2024-20359.

Since November 2023, attackers have used two bugs to target government networks worldwide through a campaign called ArcaneDoor, attacking Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls.