Cyber Resilience

CVE-2024-20419

Critical

Published: 17 July 2024

Modified: 31 July 2025
CVSS v3.1 score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS score: 0.9147 (99.7th percentile)
Risk priority: 75 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-20419 is a critical-severity Unverified Password Change (CWE-620) vulnerability in Cisco Smart Software Manager On-Prem. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked in the top 0.3% of CVEs by exploit likelihood (EPSS), but it is not currently listed in the CISA KEV catalog.

Deeper analysis

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) stems from improper implementation of the password-change process. This flaw enables an unauthenticated remote attacker to alter the password of any user account, including administrative ones, by sending crafted HTTP requests to an affected device. The issue carries a CVSS score of 10.0 and is tracked under CWE-620.

An attacker who successfully exploits the vulnerability can obtain access to the web UI or API using the privileges of the compromised account. The EPSS score stands at a current and peak value of 0.9147. The primary advisory reference is the Cisco security bulletin at sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy.

Vulnerability details

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.

CWE(s): CWE-620 (Unverified Password Change)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1098 Account Manipulation (tactic: Persistence)
Adversaries may manipulate accounts to maintain and/or elevate access to victim systems.
T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is reachable through a public-facing web UI/API via crafted HTTP requests (T1190). It allows an unauthenticated party to manipulate accounts by changing the password of any user, including administrators (T1098), which results in privilege escalation to that user's level of access (T1068).

Affected Assets

Cisco Smart Software Manager On-Prem, versions ≤ 8-202112

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References

Cisco Security Advisory cisco-sa-cssm-auth-sLw3uhUy: sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy