CVE-2024-20419: Cisco Smart Software Manager On-Prem Password Change Vulnerability
2024-8-9 19:59:59 Author: www.tenable.com(查看原文) 阅读量:27 收藏

Rody Quinlan

Research Header Proof-of-Concept

Critical vulnerability in Cisco Smart Software Manager On-Prem exposes systems to unauthorized password changes, exploit code now available.

Background

On July 17, 2024, Cisco published an advisory for a critical vulnerability in Cisco’s Smart Software Manager On-Prem (SSM On-Prem):

CVEDescriptionCVSSv3
CVE-2024-20419Cisco Smart Software Manager On-Prem Password Change Vulnerability10

Analysis

CVE-2024-20419 is an unverified password change weakness within the Cisco SSM On-Prem interface due to improper validation. Specifically, the flaw allows an unauthenticated, remote attacker to exploit an insufficient authentication mechanism, changing the password of any user by sending specially crafted HTTP requests without prior knowledge of the existing password. The vulnerability affects Cisco SSM On-Prem version 8-202206 and earlier, including releases prior to 7.0 where the product was named Cisco SSM Satellite.

Successful exploitation could result in access to the web interface or API of Cisco SSM On-Prem in the context of the compromised user account. The vulnerability is considered critical as the complexity of the attack is low and could lead to full administrative control over the SSM On-Prem instance. This control could be used to disrupt the organization's software management processes, gain unauthorized access to sensitive resources and potentially carry out further attacks within the network.

On August 7, 2024, Cisco updated their advisory to reflect that public proof-of-concept (PoC) exploit code was now available, heightening the urgency to patch.

Proof of concept

On July 20, 2024, Mohammed Adel, a penetration tester with a previous history of developing exploits, published a detailed writeup explaining the root cause of the vulnerability and his PoC exploit code. The writeup also visually demonstrates the PoC being leveraged against an administrative account to change the password highlighting the vulnerabilities ease of exploitation.

Credit: Mohammeds writeup

Solution

Cisco has issued patches for all affected versions of Cisco SSM On-Prem. At the time of this blog there is no indication of exploitation in-the-wild, but with exploit code publicly available, administrators are strongly advised to apply these patches without delay to mitigate the risk of exploitation. The following table reflects affected and patched versions:

Affected VersionsPatched Version
8-202206 and earlier8-202212
9Not Vulnerable

Cisco has highlighted that there are no workarounds for this vulnerability.

Identifying affected systems

A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2024-20419 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.

Get more information

Join Tenable's Security Response Team on the Tenable Community.

Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

Rody Quinlan

Rody Quinlan

Rody Quinlan previously worked at Tenable but couldn't stay away and in mid 2024 returned as a member of the Security Response Team (SRT). Prior to this he led the Security Operations team at Fenergo, a fintech unicorn, for a number of years delivering a number of functions including incident response, threat intelligence and vulnerability management. He has also worked previously as a Senior Threat & Vulnerability Management Analyst for one of Ireland's pillar banking institutions as well as a security supervisory role in a leading cloud providers data centers for a number of years. He holds and maintains a number of certifications too long to list here but can be found on his LinkedIn and Credly profiles, is an avid learner and usually has at least one course on the go at any given time. 

Interests outside of work: Whether he’s holding a recurve or compound bow, Rody enjoys some downtime from screens on the archery range. He also enjoys building props from his favorite films and TV series and is an avid fan of Sir Terry Pratchett's works.

Related Articles

  • Exposure Management
  • Vulnerability Management

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Tenable Vulnerability Management trials created everywhere except UAE will also include Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Thank You

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Tenable Vulnerability Management trials created everywhere except UAE will also include Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Thank you

Thank you for your interest in Tenable.io. A representative will be in touch soon.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Tenable Vulnerability Management trials created everywhere except UAE will also include Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Thank you

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a sales representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Thank you

Thank you for your interest in Tenable Lumin. A representative will be in touch soon.

Request a demo of Tenable Security Center

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

* Field is required

Request a demo of Tenable OT Security

Get the Operational Technology security you need.

Reduce the risk you don’t.

Request a demo of Tenable Identity Exposure

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

Request a demo of Tenable Cloud Security

Exceptional unified cloud security awaits you!

We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.

See
Tenable One
in action

Exposure management for the modern attack surface.

See Tenable Attack Surface Management in action

Know the exposure of every asset on any platform.

Thank You

Thank you for your interest in Tenable Attack Surface Management. A representative will be in touch soon.

Try Tenable Nessus Professional free

Free for 7 days

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
now available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Try Tenable Nessus Expert free

Free for 7 days.

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Learn How Tenable Helps Achieve SLCGP Cybersecurity Plan Requirements

Tenable solutions help fulfill all SLCGP requirements. Connect with a Tenable representative to learn more.


文章来源: https://www.tenable.com/blog/cve-2024-20419-cisco-smart-software-manager-on-prem-password-change-vulnerability
如有侵权请联系:admin#unsafe.sh