Cisco Patches Severe SSM On-Prem Vulnerability (CVE-2024-20419)
Cisco has resolved a critical vulnerability in Cisco SSM On-Prem, which allowed the alteration of any user’s password, including that of administrators. As a component of Cisco Smart Licensing, SSM On-Prem aids service providers and Cisco partners in managing customer accounts and product licenses.
CVE-2024-20419 (CVSS score: 10.0) is caused by an improper implementation of the password change process. An attacker could exploit this flaw by sending specially crafted HTTP requests to the vulnerable device. A successful exploit would allow the attacker to access the user’s web interface or API with the compromised user’s privileges.
The flaw affects Cisco SSM On-Prem versions 8-202206 and earlier and was fixed in version 8-202212. Notably, version 9 is not susceptible to this vulnerability. The issue also impacts local installations of SSM earlier than version 7.0, known as Cisco Smart Software Manager Satellite (SSM Satellite).
Cisco has stated that there are no workarounds for this issue, and the company is unaware of any malicious exploitation.
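Because there is no workaround, the only defensive action is to find every SSM On-Prem / SSM Satellite instance still on an affected release and upgrade it. The following triage helper is an added example, not Cisco's code, and it encodes only the version boundaries stated above (8-202206 and earlier affected, 8-202212 fixed, version 9 unaffected); the hostnames and versions in the sample inventory are constructed, and the "major-build" and dotted version formats it parses are assumptions about how the version strings look.

```python
import re

# Advisory data as stated in the article: 8-202206 and earlier are affected
# (pre-7.0 SSM Satellite builds included), 8-202212 is the fixed release and
# version 9 is not susceptible. Releases between 8-202206 and 8-202212 are not
# named in the article, so they are reported as "unlisted" rather than guessed.
AFFECTED_MAX = (8, 202206)
FIXED_MIN = (8, 202212)
UNAFFECTED_MAJOR = 9


def parse_version(version: str) -> tuple[int, int]:
    """Turn '8-202206' (major-build) or '6.3.0' (dotted) into (major, build)."""
    text = version.strip()
    m = re.fullmatch(r"(\d+)-(\d+)", text)
    if m:
        return int(m.group(1)), int(m.group(2))
    m = re.fullmatch(r"(\d+)(?:\.(\d+))?(?:\.\d+)*", text)
    if m:
        return int(m.group(1)), int(m.group(2) or 0)
    raise ValueError(f"unrecognised SSM version string: {version!r}")


def cve_2024_20419_status(version: str) -> str:
    """Classify one installed version against the advisory boundaries."""
    major, build = parse_version(version)
    if major >= UNAFFECTED_MAJOR:
        return "not_affected"
    if (major, build) <= AFFECTED_MAX:
        return "affected"
    if (major, build) >= FIXED_MIN:
        return "fixed"
    return "unlisted"


def triage_inventory(inventory: list[tuple[str, str]]) -> dict[str, list[str]]:
    """Group hostnames by patch status; unparsable versions land under 'unknown'."""
    groups: dict[str, list[str]] = {}
    for host, version in inventory:
        try:
            status = cve_2024_20419_status(version)
        except ValueError:
            status = "unknown"
        groups.setdefault(status, []).append(host)
    return groups


# Constructed sample inventory; hostnames and versions are made up for the example.
SAMPLE_INVENTORY = [
    ("ssm-lab-01", "8-202206"),
    ("ssm-lab-02", "8-202212"),
    ("ssm-sat-old", "6.3.0"),
    ("ssm-new", "9.0"),
    ("ssm-bad", "n/a"),
]

if __name__ == "__main__":
    for status, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```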
Previously, Cisco addressed a zero-day vulnerability in NX-OS that had been used to install previously unknown malware with root privileges on vulnerable Cisco Nexus switches. Cybersecurity firm Sygnia first reported the zero-day and attributed the attacks to Velvet Ant, a Chinese state-sponsored threat group. The group's primary goal is espionage, with a focus on establishing long-term access to the victim's network.
Velvet Ant was first documented by Sygnia in May in connection with a cyberattack on an unnamed organization in East Asia, which lasted for approximately three years. The malware exploited outdated F5 BIG-IP devices for the covert theft of client and financial information.