Description

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.

INFO

Published Date :

2024-07-17T16:27:35.418Z

Last Modified :

2025-02-13T17:32:31.164Z

Source :

cisco
AFFECTED PRODUCTS

The following products are affected by CVE-2024-20419 vulnerability.

Vendors Products
Cisco
  • Smart Software Manager On-prem
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-20419.

URL Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy cve-icon cve-icon
https://www.secpod.com/blog/critical-flaw-in-ciscos-secure-email-gateways-allows-attackers-to-control-the-device-completely/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact