Cisco has disclosed a critical vulnerability, CVE-2024-20419, that affects the Smart Software Manager On-Prem (SSM On-Prem). Successful exploitation of this flaw allows unauthenticated remote threat actors to change administrative passwords. Review the details in this Cybersecurity Threat Advisory to mitigate your risk.
What is the threat?
This vulnerability arises from improper validation of authentication tokens within the software. The flaw enables an attacker to send specially crafted HTTP requests to the affected device, bypassing the normal authentication mechanisms. Upon successful exploitation, an attacker can modify administrative password and gain full administrative control over the affected device.
Why is it noteworthy?
This vulnerability is noteworthy as it offers attackers the ability to bypass authentication mechanisms, change administrative passwords, and carry out the attack remotely which increases its critical severity and the potential for widespread impact. Failure to address this vulnerability promptly could expose organizations to significant security incidents, including data breaches, financial losses, and reputational damage.
What is the exposure or risk?
With administrative privileges, an attacker can perform a range of malicious activities, such as altering system configurations, accessing and exfiltrating sensitive data, installing malware, and potentially using the device as a foothold to compromise other parts of the network.
Additionally, the attack can be carried out remotely, which significantly increases the attack surface as it does not require physical access to the targeted device. The ability of an unauthenticated attacker to change administrative passwords without any credentials undermines fundamental security controls designed to protect sensitive network infrastructure.
What are the recommendations?
Barracuda MSP recommends taking the following actions to reduce your risks:
- Apply patches provided by Cisco to address CVE-2024-20419 as soon as possible
- Isolate the affected devices from critical parts of the network if patches can’t be applied immediately
- Limit access to SSM On-Prem servers to trusted IP addresses only
- Implement a proactive monitoring solution such as Barracuda XDR Network Security to watch for any unusual or suspicious activity that could indicate an attempted exploitation
- Implement multi-factor authentication for administrative access to the affected systems
- Temporarily disabling the SSM On-Prem service if it is not critical until the patch can be applied
- Conduct a thorough review of all user accounts and privileges on the affected devices. Remove any unnecessary or unused accounts and ensure that permissions are as restrictive as possible.
References
For more in-depth information about the recommendations, please visit the following links:
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy
- https://nvd.nist.gov/vuln/detail/CVE-2024-20419
If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.