CVE-2024-20419 | Critical Cisco SSM Vulnerability

Share This Post

CVSS 3.1 : 10 | Critical

Cisco has just released a patch to mitigate an emerging vulnerability in Cisco’s Smart Software Manager (SSM) On-Prem systems that allows an unauthenticated remote attacker to change administrative accounts’ passwords and if successful, access the web UI or API with the privileges of the compromised user.

Currently there is no known activity of this exploit being utilized in the wild.

“This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.” – Cisco stated.

Sources:

Critical Cisco bug allows crims to change admin passwords • The Register

Cisco Smart Software Manager On-Prem Password Change Vulnerability

Cisco SSM On-Prem bug lets hackers change any user’s password (bleepingcomputer.com)

https://nvd.nist.gov/vuln/detail/CVE-2024-20419



Reach out to our incident response team for help

More To Explore

Information Security News – 6/2/2025

Why Layoffs Increase Cybersecurity Risks Article Link: https://www.helpnetsecurity.com/2025/05/26/layoffs-cybersecurity-risks/ The CISO’s Dilemma: Balancing Access, Security, and Operational Continuity Article Link: https://www.forbes.com/councils/forbestechcouncil/2025/05/27/the-cisos-dilemma-balancing-access-security-and-operational-continuity/ Massive Data Breach Exposes 184

Information Security News – 5/19/2025

Attackers Lace Fake Generative AI Tools With ‘Noodlophile’ Malware Article Link: https://www.darkreading.com/endpoint-security/attackers-fake-generative-ai-tools-malware CISA Reverses Decision on Cybersecurity Advisory Changes Article Link: https://www.infosecurity-magazine.com/news/cisa-reverses-decision-advisory/ FBI Warns That

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.