Cisco Issues Warning About Serious Vulnerability in On-Premises Smart Software Manager

Cisco Issues Critical Security Patches for Vulnerabilities in Smart Software Manager

Cisco has rolled out urgent patches to remedy a high-severity security vulnerability in its Smart Software Manager On-Prem (SSM On-Prem). The flaw could allow a remote, unauthenticated attacker to change the password of any user account, including administrator accounts. It is tracked as CVE-2024-20419 and carries the maximum CVSS score of 10.0, reflecting its critical nature.

According to Cisco, the vulnerability stems from a flawed implementation of the password-change process. An attacker could exploit it by sending crafted HTTP requests to an affected device. A successful exploit would grant access to the web user interface or the application programming interface with the privileges of the compromised user. The flaw affects all SSM On-Prem releases up to 8-202206; release 8-202212 contains the fix. Notably, version 9 is not affected.

Cisco has stated that there are no workarounds for this issue and that it is not aware of any exploitation in the wild. Security researcher Mohammed Adel is credited with discovering and reporting the flaw.

In addition to this vulnerability, Cisco has addressed a critical flaw in its Secure Email Gateway, tracked as CVE-2024-20401 with a CVSS score of 9.8. It allows an attacker to add users with root privileges and crash the appliance by means of a malicious email attachment. Exploitation requires only that an email carrying the malicious attachment be sent to an affected device, after which the attacker gains control over files on the underlying system. The vulnerability is exploitable only under specific conditions: the file analysis feature must be enabled and an outdated version of Content Scanner Tools must be in use.

The Cisco announcements coincide with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) adding three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Among these, CVE-2024-34102, a severe flaw in Adobe Commerce and Magento, arises from improper restriction of XML External Entity (XXE) references and can lead to remote code execution. Alongside it, CVE-2024-28995 is a directory traversal vulnerability in SolarWinds Serv-U, and CVE-2022-22948 affects VMware vCenter through insecure default file permissions.

These vulnerabilities highlight ongoing threats to organizations, with CVE-2024-34102 particularly alarming because of its potential for exploitation at scale. Reports indicate that a proof-of-concept exploit for it has already been published, raising concerns about imminent attacks. Exploitation of CVE-2024-28995 is also being actively monitored, as attackers have been observed attempting to read sensitive files.

Federal agencies are required to apply vendor-provided mitigations by August 7, 2024, to keep their networks protected against these vulnerabilities. Given their critical nature, business owners are urged to stay informed and take proactive steps to strengthen their defenses, keeping in mind that these flaws map to tactics such as initial access, privilege escalation, and persistence as described in the MITRE ATT&CK framework.

These developments demand heightened vigilance from cybersecurity professionals and business leaders alike, and underline the importance of timely patching and awareness of vulnerabilities that can compromise organizational integrity and data security.
