Article 6P9SR Vulnerability in Cisco Smart Software Manager lets attackers change any user password

Vulnerability in Cisco Smart Software Manager lets attackers change any user password

by
Dan Goodin
from Ars Technica - All content on (#6P9SR)
exploit-vulnerability-security-800x450.j

Enlarge

Cisco on Wednesday disclosed a maximum-security vulnerability that allows remote threat actors with no authentication to change the password of any user, including those of administrators with accounts, on Cisco Smart Software Manager On-Prem devices.

The Cisco Smart Software Manager On-Prem resides inside the customer premises and provides a dashboard for managing licenses for all Cisco gear in use. It's used by customers who can't or don't want to manage licenses in the cloud, as is more common.

In a bulletin, Cisco warns that the product contains a vulnerability that allows hackers to change any account's password. The severity of the vulnerability, tracked as CVE-2024-20419, is rated 10, the maximum score.

Read 4 remaining paragraphs | Comments

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments