CVE-2024-20419: Cisco Smart Software Manager On-Prem (SSM On-Prem) authentication vulnerability allows remote attackers to change any user's password

Introduction: Protecting your network is essential, especially if you are managing critical operations that other users depend on. In this article, we will discuss a vulnerability discovered in Cisco Smart Software Manager On-Prem (SSM On-Prem) that enables attackers to exploit the authentication system. With this vulnerability, attackers can change the password of any user, including administrative users.

Official references:
1. [Cisco Advisory] (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190827-smartswmgr-passwordchange)
2. [National Vulnerability Database Entry - CVE-2024-20419] (https://nvd.nist.gov/vuln/detail/CVE-2024-20419)

Vulnerability details

This specific vulnerability is referred to as CVE-2024-20419. It targets Cisco SSM On-Prem, a software platform solution for managing Cisco Smart Licenses. The vulnerability stems from improper implementation of the password-change process. Instead of using the correct authentication protocol, the application accepts unauthenticated remote attackers' crafted HTTP requests, enabling unauthorized access. If exploited, an attacker can access the web UI or API with the compromised user's privileges.

The following code snippet demonstrates a sample HTTP request that an attacker could use in their exploit attempt:

POST /api/users/1/password HTTP/1.1
Host: example-cisco-ssm-on-prem/
Content-Type: application/json
{
  "oldPassword": "not_the_actual_old_password",
  "newPassword": "the_new_password"
}

Exploitation process

An attacker would send the above-crafted HTTP request to the affected Cisco SSM On-Prem instance. The password change is unauthorized and not validated, allowing the attacker to change any user's password, including administrative ones. They can use the new password to access the web UI or API, potentially compromising the entire network and putting the entire company's data at risk.

Mitigation steps and recommendations

Cisco has released software updates that address this vulnerability.

The fixes include

1.Cisco Smart Software Manager On-Prem: Updated to Release 7.1.7 and later.

Customers connected to Cisco's Smart Software Manager (SSM) are unaffected as this only applies to the on-premises version.

To prevent exploitation of this vulnerability, users are advised to apply the latest software patches that Cisco has released. More information about the fixes can be found in the [Cisco Advisory] (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190827-smartswmgr-passwordchange).

Additionally, familiarize yourself with best practices for maintaining robust security across your network infrastructure. Periodic audits and regular user training can prevent unauthorized access and ensure that your company remains protected against similar vulnerabilities in the future.

Conclusion

CVE-2024-20419 is a critical vulnerability that could have severe consequences if exploited by malicious actors. Proper attention to software updates and adherence to network security best practices can go a long way in mitigating these risks. Stay informed and vigilant about the evolving threat landscape, and remain prepared to respond to future security incidents.

Timeline

Published on: 07/17/2024 17:15:14 UTC
Last modified on: 07/18/2024 12:28:43 UTC