Severe Cisco flaw enables attackers to change admin user passwords

July 2024 by Sylvain Cortes, VP Strategy at Hackuity

A maximum-severity Cisco vulnerability has emerged, allowing attackers who successfully exploit it to change admin passwords and gain access with the same level of privilege as the user. Sylvain Cortes, VP Strategy, Hackuity comments:

“Cisco’s warning about a critically rated 10/10 vulnerability, CVE-2024-20419, shouldn’t be taken lightly. Any exploit of this flaw could allow unauthenticated attackers to change users’ passwords from a remote location, putting users at risk of unauthorised access to their account.

This is the sweet spot attackers dream of: low complexity, high impact. In the worst possible scenario, a threat actor could have the ability to access the user’s web UI with the same privileges as the user.

This vulnerability underpins the importance of regular updates to all software, as these often include important security updates which aim to keep holes in the network closed.

Cisco notes that version 9 of the affected software (SSM On-Prem and SSM Satellite) is unaffected by the vulnerability. I urge all users to update their software now – and fast.”


