Project Hyphae
Search

CVE-2024-20419 | Critical Cisco SSM Vulnerability

Share This Post

CVSS 3.1 : 10 | Critical

Cisco has just released a patch to mitigate an emerging vulnerability in Cisco’s Smart Software Manager (SSM) On-Prem systems that allows an unauthenticated remote attacker to change administrative accounts’ passwords and if successful, access the web UI or API with the privileges of the compromised user.

Currently there is no known activity of this exploit being utilized in the wild.

“This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.” – Cisco stated.

Sources:

Critical Cisco bug allows crims to change admin passwords • The Register

Cisco Smart Software Manager On-Prem Password Change Vulnerability

Cisco SSM On-Prem bug lets hackers change any user’s password (bleepingcomputer.com)

https://nvd.nist.gov/vuln/detail/CVE-2024-20419



Reach out to our incident response team for help

More To Explore

Information Security News – 5/12/2025

Microsoft Sets Passkeys Default for New Accounts Article Link: https://thehackernews.com/2025/05/microsoft-sets-passkeys-default-for-new.html Accenture: What We Learned When Our CEO Got Deepfaked Article Link: https://www.computing.co.uk/event/2025/accenture-what-we-learned-when-our-ceo-got-deepfaked Ghost Students Creating

Marcus Cylar May 12, 2025

Information Security News – 5/5/2025

Cloudflare Sees a Big Jump in DDoS Attacks Article Link: https://www.bleepingcomputer.com/news/security/cloudflare-mitigates-record-number-of-ddos-attacks-in-2025/ Bring Your Own Computer Trend Gives Cyber Pros Chills, Yet It’s Here to Stay

Jo Moldenhauer May 5, 2025

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.