CVE-2024-20323

CVE-2024-20323 PUBLISHED CVSS 10 CRITICAL

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.

EPSS 0.50% · 66.5th percentile

Risk Scores

CVSS 3.1: 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.50% (66.5th percentile)

Affected Products

Vendor | Product | Versions
Cisco | Cisco Smart Software Manager On-Prem | 8-202206
cisco | smart_software_manager_on-prem | 8-202206

Timeline

  • Jul 17, 2024 CVE Published
  • Jul 18, 2024 EPSS Score
  • Jul 18, 2024 PoC Published
  • Aug 1, 2024 CVE Updated
  • Aug 8, 2024 PoC Published
  • Aug 9, 2024 EPSS Score
  • Aug 30, 2024 EPSS Score
  • Sep 21, 2024 EPSS Score
  • Sep 24, 2024 PoC Published
  • Oct 4, 2024 Coalition ESS Score
  • Oct 13, 2024 EPSS Score
  • Nov 4, 2024 EPSS Score