Main Vulnerability Database Exploits ID:10530 - Exploit for Unverified Password Change in Cisco Smart Software Manager On-Prem - CVE-2024-20419

ID:10530 - Exploit for Unverified Password Change in Cisco Smart Software Manager On-Prem - CVE-2024-20419

Published: September 24, 2024

Vulnerability identifier: #VU94511

Vulnerability risk: High

CVE-ID: CVE-2024-20419

CWE-ID: CWE-620

Exploitation vector: Remote access

Vulnerable software:
Cisco Smart Software Manager On-Prem

Link to public exploit:

https://www.rapid7.com/db/modules/auxiliary/admin/http/cisco_ssm_onprem_account

Vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to lack of proper validation of the old password before setting a new password. A remote attacker can send specially crafted HTTP requests and access the web UI or API with the privileges of the compromised user.

Remediation

Install updates from vendor's website.

ID:10530 - Exploit for Unverified Password Change in Cisco Smart Software Manager On-Prem - CVE-2024-20419

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human