Cisco Releases Security Advisories for Multiple Products
Cisco SSM On-Prem and Cisco Secure Email Gateway are affected by critical vulnerabilities
Summary
Cisco SSM On-Prem and Cisco Secure Email Gateway are affected by critical vulnerabilities
Affected platforms
The following platforms are known to be affected:
The following platforms are also known to be affected:
Multiple other products are affected. Please see advisories below.
Threat details
Public proof-of-concept exploit available for CVE-2024-20419
The NHS England National CSOC assesses that imminent exploitation of CVE-2024-20419 is highly likely and strongly encourages organisations to follow the remediation guidance in Cisco Security Advisory cisco-sa-cssm-auth-sLw3uhUy.
CVE-2024-20419 affects Cisco Smart Software Manager On-Prem (SSM On-Prem) and Smart Software Manager Satellite (SSM Satellite). CVE-2024-20419 is extremely trivial to exploit, and a public exploit is available.
Introduction
Cisco has released advisories covering multiple products, including two critical, three high, and four medium severity vulnerabilities. The two critical vulnerabilities are tracked as CVE-2024-20419 and CVE-2024-20401.
- CVE-2024-20419 affects Cisco Smart Software Manager (SSM) On-Prem and has a CVSSv3 score of 10. It could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. A public exploit is available.
- CVE-2024-20401 affects Cisco Secure Email Gateway and has a CVSSv3 score of 9.8. It could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system (OS). An attacker could then add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial-of-service (DoS).
Additionally, two previous advisories regarding the regreSSHion (OpenSSH server RCE) vulnerability and the Blast-RADIUS (RADIUS protocol spoofing) vulnerability were updated.
Threat updates
Date | Update |
---|---|
25 Sep 2024 | A public exploit for CVE-2024-20419 is available. |
22 Jul 2024 | Exploitation of CVE-2024-20419 highly likely |
Remediation advice
Affected organisations are encouraged to review the following Cisco Security Advisories for more information.
Remediation steps
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 25 September 2024 1:52 pm