CVE-2024-20419 Scanner
CVE-2024-20419 Scanner - Account Takeover vulnerability in Cisco SSM On-Prem
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 25 days 9 hours
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
Cisco Smart Software Manager On-Prem (SSM On-Prem) is a tool used by organizations to manage and monitor Cisco software licenses on their network devices. It provides a local licensing solution, eliminating the need for a continuous internet connection to Cisco's licensing servers. The product is widely adopted in industries where internet connectivity is restricted or sensitive data cannot leave the premises. IT departments in large enterprises and government organizations use it to ensure compliance with licensing policies. The manager offers features such as license usage reporting and alerting, which support efficient software asset management. Its ease of use and integration with existing IT infrastructure make it a preferred choice for Cisco license management.
The Account Takeover vulnerability affects the authentication system within Cisco SSM On-Prem. It allows an unauthenticated remote attacker to change any user's password, including those of administrators. The vulnerability arises from an improper implementation of the password-change process. Exploitation involves sending crafted HTTP requests to the system, bypassing authentication. The flaw puts the system's security at significant risk because it enables unauthorized access to sensitive data. Organizations using the affected versions are highly exposed to potential breaches if this vulnerability is not addressed.
Technical analysis reveals that the vulnerability is located in the password reset functionality of Cisco SSM On-Prem. Attackers can exploit the vulnerability by generating and using an authentication token for a password reset without proper validation. The vulnerability is triggered by crafted requests that bypass the intended security mechanisms. Both the web interface and the API are susceptible to such attacks, as demonstrated through the HTTP requests cited in the findings. Mitigation requires changes in the way authentication tokens are generated and validated during the password reset process.
Exploiting this vulnerability can have severe consequences, including unauthorized access to the administrative interface of Cisco SSM On-Prem. Attackers can assume full control over user accounts, leading to potential data breaches and system configuration changes. The integrity and availability of the information managed by the system may be compromised. Such unauthorized access could also enable attackers to launch further attacks against the organization's network. Immediate action is required to prevent the exploitation of this vulnerability and secure the system from unauthorized access.
REFERENCES
- https://www.0xpolar.com/blog/CVE-2024-20419
- https://nvd.nist.gov/vuln/detail/CVE-2024-20419
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy
- https://www.secpod.com/blog/critical-flaw-in-ciscos-secure-email-gateways-allows-attackers-to-control-the-device-completely/
- https://github.com/fkie-cad/nvd-json-data-feeds