_designer491_alamy.jpg?disable=upscale&width=1200&height=630&fit=crop "High-Severity Bug in Cisco Allows Attackers to Gain Password Access")
In a recent development, Cisco has taken action to address a critical vulnerability in its Duo multifactor authentication service. This vulnerability, identified as CVE-2024-20419, poses a serious threat as it could allow malicious actors to change any user or admin password.
The severity of this vulnerability is highlighted by its maximum CVSS rating of 10. Despite the high risk it presents, Cisco has been tight-lipped about the specifics of the bug, opting instead to focus on providing a solution to mitigate its impact.
One concerning aspect of this vulnerability is the ease with which it can be exploited. The attack complexity is considered low, requiring no special privileges or user interaction to carry out the password change. However, the potential consequences are significant, with implications for the integrity, availability, and confidentiality of the affected product.
According to Cisco, the exploit involves sending specially crafted HTTP requests to a vulnerable device. Successful exploitation of the vulnerability could grant an attacker unauthorized access to the web UI or API, using the compromised user’s privileges.
The impact of this vulnerability is not limited to a single product, as it affects both SSM On-Prem and SSM Satellite. Unfortunately, there are no known workarounds for the issue, underscoring the importance of promptly applying the available patch to safeguard against potential attacks.
Cisco has refrained from disclosing any details about active exploitation of this vulnerability or the number of users affected. However, given that SSM On-Prem is commonly used by financial institutions, utilities, service providers, and government organizations, these sectors are urged to be particularly vigilant.
It is essential for all users of Cisco’s Duo multifactor authentication service to stay informed about security updates and promptly implement any patches provided by the company. By taking proactive measures to address vulnerabilities such as CVE-2024-20419, organizations can enhance their cybersecurity defenses and protect sensitive information from unauthorized access.