Cisco Patch Static Password Vulnerability In Smart Software Manager


Cisco have recently disclosed a security flaw in one of their products that could have serious consequences. As revealed, a static password vulnerability existed in the Cisco Smart Software Manager On-Prem product, exposing sensitive parts of the system to remote attackers.

Cisco Disclosed Static Password Vulnerability

Cisco have revealed a serious vulnerability in their Smart Software Manager (SSM) On-Prem product. The vulnerability, CVE-2020-3158, exists in the product's High Availability (HA) service and exposes sensitive parts of the system to unauthenticated remote attackers.

As described in the advisory, the vulnerability exists because the HA service was implemented with a default, static password. Any remote attacker who knows it could use the default account to connect to the system and then gain access to sensitive locations.

A successful exploit could allow the attacker to obtain read and write access to system data, including the configuration of an affected device. The attacker would gain access to a sensitive portion of the system but would not have full administrative rights to control the device.
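The following is an added illustration of the pattern the advisory describes, not Cisco's code: the page does not say how the SSM On-Prem HA service is implemented, only that it carried a default, static password. It contrasts a credential baked into every shipped installation with a secret generated on first boot and unique to each installation; the constant `ha-default`, the store file names and the `demo()` helper are all constructed for the example.

```python
"""Static shipped credential versus per-installation secret.

Added illustration, not Cisco's code: the page does not describe how the SSM
On-Prem HA service is implemented, only that it carried a default, static
password. The constant, file names and store layout here are all constructed.
"""
import hashlib
import hmac
import secrets
import tempfile
from pathlib import Path

# --- Anti-pattern: one credential baked into every shipped installation ---
SHIPPED_PASSWORD = "ha-default"  # constructed stand-in, identical on every box


def authenticate_static(password: str) -> bool:
    """Anyone who learns the constant can authenticate to every deployment."""
    return hmac.compare_digest(password.encode(), SHIPPED_PASSWORD.encode())


# --- Hardened: a secret generated on first boot, unique per installation ---
def provision_secret(store: Path) -> str:
    """Create the secret if absent and persist it readable by the owner only."""
    if not store.exists():
        store.write_text(secrets.token_urlsafe(32))
        store.chmod(0o600)
    return store.read_text()


def authenticate_per_install(password: str, store: Path) -> bool:
    """Compare against this installation's own secret in constant time.

    Hashing both sides first gives fixed-length inputs, so compare_digest
    leaks neither the secret's length nor how many leading bytes matched.
    """
    expected = provision_secret(store)
    return hmac.compare_digest(
        hashlib.sha256(password.encode()).digest(),
        hashlib.sha256(expected.encode()).digest(),
    )


def demo() -> tuple:
    """Simulate two separate installations and return four observations:
    (static scheme accepts the shipped password,
     the two per-install secrets are identical,
     the per-install scheme accepts the shipped password,
     the per-install scheme accepts its own secret)."""
    with tempfile.TemporaryDirectory() as tmp:
        install_a = Path(tmp) / "a" / "ha_secret"
        install_b = Path(tmp) / "b" / "ha_secret"
        install_a.parent.mkdir()
        install_b.parent.mkdir()
        secret_a = provision_secret(install_a)
        secret_b = provision_secret(install_b)
        return (
            authenticate_static(SHIPPED_PASSWORD),
            secret_a == secret_b,
            authenticate_per_install(SHIPPED_PASSWORD, install_a),
            authenticate_per_install(secret_a, install_a),
        )


if __name__ == "__main__":
    print(demo())  # (True, False, False, True)
```

The point of the contrast is the second and third observations: with a per-installation secret, knowing what one box uses tells an attacker nothing about any other box, and the shipped default no longer opens anything.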

Flaw Patched – Update Now

The vulnerability was found by Steven Van Loo of hIQkru, whom Cisco acknowledged for reporting the flaw.

The vendor stated that this bug affects all Cisco Smart Software Manager On-Prem releases earlier than 7-202001. However, the flaw is exposed only when the HA feature is enabled.

Cisco fixed the flaw in Cisco SSM On-Prem release 7-202001 and later. Besides releasing the patch, the vendor has also confirmed that it is not aware of any active exploitation of the flaw.
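As an added example (not Cisco's tooling), the exposure check a defender would run over an inventory of SSM On-Prem hosts, combining the two conditions above: the release predates 7-202001 and HA is enabled. It assumes the release string has the form `<major>-<YYYYMM>`, as in the one release named on the page, and compares it numerically rather than as text; the `Host` class and the sample inventory are constructed for the example.

```python
"""Exposure triage for CVE-2020-3158 (Cisco SSM On-Prem static HA password).

Added example, not Cisco's code. It assumes the On-Prem release string has
the form "<major>-<YYYYMM>", as seen in "7-202001" (the fixed release named
on the page); any other layout is rejected rather than guessed at.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

FIXED_RELEASE = "7-202001"  # first fixed release named in the advisory
_RELEASE_RE = re.compile(r"^(\d+)-(\d{6})$")


def parse_release(release: str) -> Tuple[int, int]:
    """Turn '7-202001' into a comparable (major, yyyymm) tuple.

    A plain string comparison would be wrong here: '10-202001' sorts before
    '7-202001' lexicographically, so the parts are compared as integers.
    """
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised SSM On-Prem release string: {release!r}")
    return int(m.group(1)), int(m.group(2))


def is_vulnerable(release: str, ha_enabled: bool) -> bool:
    """True when the release predates the fix AND the HA service is enabled.

    The advisory scopes the flaw to releases earlier than 7-202001 and notes
    that it is exposed only with the High Availability feature enabled.
    """
    return ha_enabled and parse_release(release) < parse_release(FIXED_RELEASE)


@dataclass
class Host:
    name: str
    release: str
    ha_enabled: bool


def triage(hosts: List[Host]) -> List[str]:
    """Return the names of hosts on which the flaw is currently exposed."""
    return [h.name for h in hosts if is_vulnerable(h.release, h.ha_enabled)]


# Constructed inventory for the demonstration; not real hosts or releases.
SAMPLE_INVENTORY = [
    Host("ssm-prod-1", "7-201910", ha_enabled=True),   # old release, HA on: exposed
    Host("ssm-prod-2", "7-201910", ha_enabled=False),  # old release, HA off: not exposed
    Host("ssm-lab-1", "7-202001", ha_enabled=True),    # the fixed release itself
    Host("ssm-lab-2", "8-202004", ha_enabled=True),    # later major version
]

if __name__ == "__main__":
    for name in triage(SAMPLE_INVENTORY):
        print(f"{name}: upgrade to {FIXED_RELEASE} or later")
```

Hosts with HA disabled are deliberately left out of the result, since the page scopes exposure to the HA service; they still appear in the inventory so that a later change to the HA setting is caught on the next run.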

This static password vulnerability is the only flaw Cisco have reported so far in February with a critical severity rating. While Cisco have fixed numerous vulnerabilities in other products, as the advisories reveal, all of them received a medium or high severity rating.

In January, however, Cisco fixed a critical security flaw in Firepower Management Center (FMC) that could allow remote code execution.

Let us know your thoughts in the comments.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]