Cisco Smart Software Manager On-Prem Account Takeover

Security researchers identified CVE-2024-20419, a critical vulnerability in Cisco Smart Software Manager On-Prem (SSM) that allows an attacker to reset any user’s password without authentication. A publicly available PoC increases exploitation risk, and Cisco recommends upgrading to version 8-202212 as the mitigation. #CVE-2024-20419 #CiscoSSM #SSMOnPrem #OTP #PoC #8-202212

Key Points

  • Vulnerability identified: CVE-2024-20419 in Cisco Smart Software Manager (SSM).
  • CVSS score: 10.0, indicating a critical severity level.
  • Impact: Allows attackers to reset any user’s password, including administrators, without authentication.
  • Exploitation: Publicly available proof of concept (PoC) code increases the likelihood of exploitation.
  • Affected versions: Cisco SSM On-Prem software version 8-202206 and earlier.
  • Mitigation: Upgrade to version 8-202212; no known workarounds available.
  • Technical flaw: Vulnerability exists in the OTP generation process, allowing bypass of security checks.
  • SonicWall protections: New IPS signatures released to protect against this vulnerability.
  • Best practices: Implement IP whitelisting, network segmentation, and remove internet-facing access to reduce risk.

MITRE Techniques

  • [T1098] Account Manipulation – Exploitation of the vulnerability allows attackers to reset passwords for any user account.
  • [T1003] Credential Dumping – Using the authentication token obtained through the vulnerability to gain unauthorized access.

Indicators of Compromise

  • [URL] – https://www.0xpolar.com/blog/CVE-2024-20419, https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy
  • [URL] – https://blog.sonicwall.com/en-us/2024/08/cisco-smart-software-manager-on-prem-account-takeover/

Read more: https://blog.sonicwall.com/en-us/2024/08/cisco-smart-software-manager-on-prem-account-takeover/