Project Hyphae
Search

CVE-2024-20419 | Critical Cisco SSM Vulnerability

Share This Post

CVSS 3.1 : 10 | Critical

Cisco has just released a patch to mitigate an emerging vulnerability in Cisco’s Smart Software Manager (SSM) On-Prem systems that allows an unauthenticated remote attacker to change administrative accounts’ passwords and if successful, access the web UI or API with the privileges of the compromised user.

Currently there is no known activity of this exploit being utilized in the wild.

“This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.” – Cisco stated.

Sources:

Critical Cisco bug allows crims to change admin passwords • The Register

Cisco Smart Software Manager On-Prem Password Change Vulnerability

Cisco SSM On-Prem bug lets hackers change any user’s password (bleepingcomputer.com)

https://nvd.nist.gov/vuln/detail/CVE-2024-20419



Reach out to our incident response team for help

More To Explore

Information Security News – 10/27/2025

AWS Outage Exposes ‘Dangerous’ Over-Reliance on US Cloud Giants Article Link: https://www.datacenterknowledge.com/outages/aws-outage-exposes-dangerous-over-reliance-on-us-cloud-giants Microsoft Threatens to Ram Copilot into Exchange Server On-Prem Article Link: https://www.theregister.com/2025/10/23/copilot_exchange_server/ Ransomware

Marcus Cylar October 28, 2025

Information Security News – 10/20/2025

Arup’s $25M Deepfake Loss: Anatomy of an AI-Powered Scam Article Link: https://www.adaptivesecurity.com/blog/arup-deepfake-scam-attack U.S. Warns That Hackers Using F5 Devices to Target Government Networks Article Link:

Jo Moldenhauer October 24, 2025

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.