Warning: Critical Authentication Bypass Vulnerability In Cisco Smart Software Manager (SSM) On-Prem, Patch Immediately!

Published: 18/07/2024

Reference:
Advisory #2024-110

Version:
1.0

Affected software:
Cisco Smart Software Manager (SSM) On-Prem

Type:
Authentication bypass

CVE/CVSS:
CVE-2024-20419: CVSS 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Sources

Cisco Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy
MITRE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20419

Risks

A vulnerability in Cisco Smart Software Manager (SSM) On-Prem could allow an attacker to change the password of any user. This includes administrator accounts: an attacker can change an administrator's password and then log into the device as that administrator.

Cisco SSM On-Prem is used for managing customer accounts and product licenses for service providers and Cisco partners. Unauthorized administrative access to this device by a malicious actor could have a large impact on your organisation.

Furthermore, exploit code has recently been published, making this vulnerability even easier to exploit for attackers.

Description

Due to an improper implementation of the password change process in the device, an unauthenticated attacker can craft HTTP requests to change the password of any user. This allows an attacker to gain administrative access to the device UI and API features.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Update to version 8-202212 or newer. Version 9 is not vulnerable. For more details refer to the Cisco Advisory.

Monitor/Detect

The CCB recommends organisations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

The Hacker News: https://thehackernews.com/2024/07/cisco-warns-of-critical-flaw-affecting.html
Bleeping Computer: https://www.bleepingcomputer.com/news/security/cisco-ssm-on-prem-bug-lets-hackers-change-any-users-password/