High-Severity Cisco Bug Grants Attackers Password Access

Published: 23/11/2024   Category: security




The vulnerability was given the highest CVSS score possible, though few details have been released due to its severity.



Cisco has released a patch for a maximum-severity vulnerability, tracked as CVE-2024-20419, that allows threat actors to change any user or admin password.
The vulnerability carries a CVSS rating of 10; however, the company has not released many details about the bug, likely due to how high risk it is.
The attack complexity was deemed low, as no privileges or user interaction are necessary to complete the action, but the impacts on the product's integrity, availability, and confidentiality are all deemed high.
"An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device," Cisco said in a statement. "A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user."
This vulnerability affects SSM On-Prem and SSM Satellite. There are no workarounds for the vulnerability, so it's recommended that users apply patches for the bug as soon as possible.
Cisco has not released any additional information about whether this vulnerability has been exploited in the wild or how many users may have been affected. SSM On-Prem is primarily used by financial institutions, utilities, service providers, and government organizations, according to the vendor, so organizations in these sectors should be especially wary.
