A critical vulnerability in Cisco’s Smart Software Manager On-Prem (SSM On-Prem) has surfaced, allowing unauthenticated, remote attackers to change user passwords, including those of administrative users.
This flaw, rooted in an improper implementation of the password-change process, has raised significant security concerns among Cisco users and IT professionals worldwide.
The vulnerability enables attackers to exploit the system by sending crafted HTTP requests to an affected device. If successful, this exploit grants the attacker access to the web UI or API with the same privileges as the compromised user.
This could potentially lead to unauthorized access to sensitive data and system functionalities. Affected products include Cisco SSM On-Prem and Cisco Smart Software Manager Satellite (SSM Satellite).
It’s important to note that these are essentially the same product, with the name change occurring as of Release 7.0. Cisco Smart Licensing Utility, however, remains unaffected by this vulnerability.
Cisco’s Response and Solutions
Cisco has responded promptly by releasing software updates to address this vulnerability. Unfortunately, no workarounds are available, so users need to apply the updates as soon as possible.
The advisory on this issue can be found on Cisco’s official security advisory page. For those with service contracts, Cisco advises obtaining security fixes through regular update channels.
Customers must ensure that their devices have sufficient memory and that their current configurations will support the new release. In cases of uncertainty, it is recommended that customers contact the Cisco Technical Assistance Center (TAC).
Affected and Fixed Releases
| Cisco SSM On-Prem Release | First Fixed Release |
|---|---|
| 8-202206 and earlier | 8-202212 |
| 9 | Not vulnerable |
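To turn the table above into a repeatable inventory check, here is an added example (not Cisco's own tooling) that classifies SSM On-Prem release strings against the fixed-release table. It assumes the release format "<major>-<YYYYMM>" for the 8 train (for example "8-202206") and a bare "9" for Release 9; builds between 8-202206 and 8-202212 are treated as unpatched because 8-202212 is the first fixed release.

```python
"""Classify Cisco SSM On-Prem releases against the advisory's fixed-release
table. Added example, not Cisco's code. Assumed release format: "8-YYYYMM"
for the 8 train and a bare "9" for Release 9; anything else is "unknown".
"""
import re
from enum import Enum

FIRST_FIXED_8 = 202212  # first fixed release on the 8 train, per the table


class Status(Enum):
    VULNERABLE = "vulnerable"
    FIXED = "fixed"
    NOT_VULNERABLE = "not vulnerable"
    UNKNOWN = "unknown"


_RELEASE_RE = re.compile(r"^(\d+)(?:-(\d{6}))?$")


def parse_release(release: str):
    """Return (major, build) or None if the string is not a recognised release."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        return None
    major = int(m.group(1))
    build = int(m.group(2)) if m.group(2) else None
    return major, build


def classify(release: str) -> Status:
    parsed = parse_release(release)
    if parsed is None:
        return Status.UNKNOWN
    major, build = parsed
    if major >= 9:
        return Status.NOT_VULNERABLE  # table: Release 9 is not vulnerable
    if major == 8 and build is not None:
        # Table: 8-202206 and earlier affected, 8-202212 first fixed.
        # Assumption: builds in between are treated as unpatched.
        return Status.FIXED if build >= FIRST_FIXED_8 else Status.VULNERABLE
    return Status.UNKNOWN  # pre-8 trains or malformed 8.x strings: not in table


def triage(inventory: dict) -> dict:
    """Map each host in a {host: release} inventory to its patch status."""
    return {host: classify(rel) for host, rel in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"ssm-a": "8-202206", "ssm-b": "8-202212", "ssm-c": "9", "ssm-d": "8-202111"}
    for host, status in triage(sample).items():
        print(f"{host}: {status.value}")
```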
Customers without service contracts or those who purchased through third-party vendors are advised to contact the Cisco TAC to obtain necessary upgrades. To facilitate the process, it’s crucial to have the product serial number and the advisory URL ready.
Cisco emphasizes that these free security updates do not grant new software licenses or additional features but address the existing vulnerability. Customers are encouraged to consult Cisco’s security advisories regularly to stay informed about potential exposures and solutions.