top of page

Cisco SSM On-Prem Account Takeover (CVE-2024-20419)



Application Details

Cisco Smart Software Manager On-Prem (SSM On-Prem) license server is a component of Cisco Smart Licensing. It works in conjunction with Cisco Smart Software Manager to intelligently manage customer product licenses, providing near-real-time visibility and reporting of Cisco licenses customers purchase and consume.


Vulnerability

Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow a remote attacker to gain elevated privileges on the system, caused by improper implementation of the password-change process


Identification

By sending specially crafted HTTP requests, an attacker could exploit this vulnerability to access the web UI or API and change the password of any user, including administrative users.


POST /backend/reset_password/generate_code

PAYLOAD - 
{"uid": "admin"}

Detection

By turning this into a traffic file and matching rule, we are able to detect attempts to change the password of any user, including administrative users.


Coverage

Idappcom has created signature 8025220 along with a traffic file for this vulnerability.


References


Traffic IQ

If you are concerned that your business may be at risk of this vulnerability or others why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional

コメント


bottom of page