Vulnerability in Cisco Smart Software Manager lets attackers change any user password
Briefly

Cisco disclosed a maximum-severity vulnerability allowing remote attackers to change any user's password, including administrators', on Cisco Smart Software Manager On-Prem devices.
The vulnerability is due to improper implementation of the password-change process, enabling attackers to access the web UI or API with the privileges of the compromised user.
There are no workarounds available to mitigate the threat, but a security update has been released by Cisco to address the vulnerability.
After gaining administrative control, attackers could potentially pivot to other connected Cisco devices, leading to data theft, file encryption, or similar malicious actions.
Read at Ars Technica