Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager
18-July-24
Cisco has released patches for a critical vulnerability (CVE-2024-20419, CVSS score 10.0) in Smart Software Manager On-Prem (SSM On-Prem) that allows remote, unauthenticated attackers to change user passwords, including administrative accounts, via crafted HTTP requests. This flaw, due to improper password-change process implementation, affects versions 8-202206 and earlier, with a fix in version 8-202212; version 9 is unaffected. Meanwhile, CISA has added three actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2024-34102 (Adobe Commerce and Magento Open Source), CVE-2024-28995 (SolarWinds Serv-U), and CVE-2022-22948 (VMware vCenter Server). Federal agencies must implement mitigations by August 7, 2024.
