CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-20419

CVSS 10.0v3.1pub. 2024-07-17upd. 2025-07-31

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.

🤖 AI Analysis
How it works

The vulnerability results from improper implementation of the password change process in the SSM On-Prem system. An attacker can send properly crafted HTTP requests to the vulnerable device without any prior authentication. Successful exploitation of the vulnerability allows changing the password of a selected user, and then logging into the web interface or API with the privileges of the compromised account.

Impact

An attacker can gain full access to the SSM On-Prem web interface or API with privileges of any arbitrarily selected user, including administrative accounts, resulting in complete system takeover.

Mitigation & patch

Apply patches available from the vendor in accordance with references published in Cisco Security Advisory (cisco-sa-cssm-auth-sLw3uhUy). Until updates are applied, it is recommended to restrict network access to the SSM On-Prem web interface and API only to trusted hosts.

Who is affected

Cisco Smart Software Manager On-Prem (SSM On-Prem) — specific versions indicated in vendor references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Cisco Smart Software Manager On Prem

    APP
    Cisco
    < 8-202112
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2026-20160CRITICAL9.8PL ✓ten sam produkt

RCE z uprawnieniami root w Cisco Smart Software Manager On-Prem

CVE-2020-3158CRITICAL9.1ten sam produkt

A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an u...

CVE-2019-16029CRITICAL9.1ten sam produkt

A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could a...

CVE-2022-20808HIGH7.7ten sam produkt

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote att...

CVE-2021-1219HIGH7.8ten sam produkt

A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to acce...