overview

A critical vulnerability, tracked as CVE-2024-20419 (CVSS 10.0), has been found in Cisco Smart Software Manager On-Prem (SSM On-Prem). It allows an unauthenticated, remote attacker to change the password of any user, including administrative accounts. The flaw is due to an improper implementation of the password-change process.

Affected products include: 

  • Cisco SSM On-Prem 
  • Cisco Smart Software Manager Satellite (SSM Satellite) 
  • Note: Cisco SSM Satellite is the previous name for Cisco SSM On-Prem (pre-Release 7.0). 

Attackers can exploit this vulnerability by sending specially crafted HTTP requests to an affected device. Successful exploitation grants the attacker access to the web UI or API with the privileges of the compromised user, potentially leading to unauthorized administrative control. Cisco has released software updates to address CVE-2024-20419. Avertium recommends applying the updates as soon as possible to mitigate risk.  


avertium's recommendations

Cisco has released software updates to address this vulnerability. The fixed releases are as follows: 

  • For Cisco SSM On-Prem Release 8-202206 and earlier: Upgrade to Release 8-202212 
  • For Cisco SSM On-Prem Release 9: Not vulnerable 
  • Please note that there are no workarounds available.  
  • Find patch guidance in Cisco’s advisory 

To confirm which Cisco SSM On-Prem release you are running, follow the steps below:

  • Access the Admin Portal: Open a web browser and enter the IP address of your Cisco SSM On-Prem server followed by the port number. 
  • Log In: Use your administrative credentials. 
  • Locate the System Health Section: Navigate to the “System Health” section to view the current software release version. 
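Once the release string has been read from the admin portal (or collected from an inventory system), the fixed-release table above can be applied mechanically. The following is an added example, not code from Avertium or Cisco, that classifies an SSM On-Prem release string against the affected and fixed releases this notice lists. It assumes the release format is `<major>-<YYYYMM>` as in `8-202206`, tolerates an optional `.n` suffix and a bare major such as `9`, and treats any Release 8 build between 8-202206 and 8-202212 as "verify" because the advisory does not name such builds either way. The inventory at the bottom is constructed sample data.

```python
import re
from typing import Dict, List, Optional, Tuple

# Release boundaries as stated in Cisco's advisory for CVE-2024-20419:
#   Release 8-202206 and earlier -> vulnerable, upgrade to 8-202212
#   Release 8-202212              -> first fixed release
#   Release 9                     -> not vulnerable
# Pre-Release 8 builds (the SSM Satellite era) are listed as affected.
LAST_VULNERABLE_BUILD = 202206
FIRST_FIXED_BUILD = 202212

# Assumed format: "<major>-<YYYYMM>" with an optional ".<n>" suffix,
# e.g. "8-202206" or "8-202212.1". The suffix is an assumption; the
# notice itself only shows the bare "<major>-<YYYYMM>" form.
_RELEASE_RE = re.compile(r"^\s*(\d+)-(\d{6})(?:\.\d+)?\s*$")
_MAJOR_ONLY_RE = re.compile(r"^\s*(\d+)\s*$")


def parse_release(release: str) -> Optional[Tuple[int, int]]:
    """Return (major, build) for a release string, or None if unparseable.

    A bare major such as "9" (as written in the advisory) parses as build 0.
    """
    m = _RELEASE_RE.match(release)
    if m:
        return int(m.group(1)), int(m.group(2))
    m = _MAJOR_ONLY_RE.match(release)
    if m:
        return int(m.group(1)), 0
    return None


def assess(release: str) -> str:
    """Classify a release as vulnerable / fixed / not_vulnerable / verify / unparseable."""
    parsed = parse_release(release)
    if parsed is None:
        return "unparseable"
    major, build = parsed
    if major >= 9:
        return "not_vulnerable"          # Release 9 is not affected
    if major < 8:
        return "vulnerable"              # SSM Satellite releases are affected
    if build <= LAST_VULNERABLE_BUILD:
        return "vulnerable"              # 8-202206 and earlier
    if build >= FIRST_FIXED_BUILD:
        return "fixed"                   # 8-202212 and later
    # A Release 8 build newer than 8-202206 but older than the first fixed
    # release is not named in the advisory; flag it for manual confirmation.
    return "verify"


def hosts_needing_action(inventory: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (host, release, status) for hosts that are vulnerable, unverified
    or unparseable, sorted by host name. Fixed and Release 9 hosts are omitted."""
    rows = []
    for host, release in inventory.items():
        status = assess(release)
        if status in ("vulnerable", "verify", "unparseable"):
            rows.append((host, release, status))
    return sorted(rows)


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names and releases).
    sample = {
        "ssm-on-prem-dc1": "8-202206",
        "ssm-on-prem-dc2": "8-202212",
        "ssm-on-prem-lab": "8-202208",
        "ssm-satellite-old": "7-202001",
        "ssm-on-prem-new": "9-202309",
        "ssm-on-prem-unknown": "n/a",
    }
    for host, release, status in hosts_needing_action(sample):
        print(f"{host:22} {release:10} {status}")
```

Hosts reported as "vulnerable" should be upgraded to 8-202212; "verify" and "unparseable" rows need a manual check against Cisco's advisory before being closed out.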


how avertium is protecting our customers

 

IOCs ADDED TO OUR THREAT FEEDS

At this time, there are no known IoCs associated with CVE-2024-20419. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

TTPs TO MONITOR

  • Initial Access (Tactic ID: TA0001) 
    • External Remote Services (ID: T1133): an attacker could exploit this flaw in an externally reachable SSM On-Prem web UI or API to gain initial access to the environment. Where the interface is exposed to the internet, Exploit Public-Facing Application (ID: T1190) is the closer mapping.
  • Privilege Escalation (Tactic ID: TA0004) 
    • Exploitation for Privilege Escalation (ID: T1068): by changing an administrative user's password, the attacker escalates from an unauthenticated state to full administrative access.
  • Credential Access (Tactic ID: TA0006) 
    • OS Credential Dumping (ID: T1003): once the attacker has administrative access, they may attempt to dump credentials stored on the system for further exploitation.
  • Persistence (Tactic ID: TA0003) 
    • Account Manipulation (ID: T1098): after gaining administrative access through a password change, an attacker could create or modify accounts to maintain persistent access.


ADDITIONAL SERVICE OFFERINGS

  • Fusion MXDR is the first MDR offering that fuses together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity, one that is greater than the sum of its parts.
  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:  
    • Risk Assessments 
    • Pen Testing and Social Engineering  
    • Infrastructure Architecture and Integration  
    • Zero Trust Network Architecture
    • Vulnerability Management 

If you have any questions on these findings or prefer to no longer be notified about this issue, please contact the Cyber Fusion Center by replying to this message, sending an email to cfc@avertium.com, or by calling 1-877-707-7997 (option 1).
SUPPORTING DOCUMENTATION

Cisco Smart Software Manager On-Prem Password Change Vulnerability 

Cisco Smart Software Manager Flaw let Attackers Change Any User Passwords (cybersecuritynews.com) 

Cisco password change vulnerability CVE-2024-20419 revealed (thestack.technology) 

