"Cisco SSM On-Prem Bug Lets Hackers Change Any User's Password"

Cisco has fixed a critical flaw that enables attackers to change any user's password, including those of administrators, on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers. The security vulnerability stems from an unverified password change flaw in SSM On-Prem's authentication system. Successful exploitation of this vulnerability lets unauthenticated, remote attackers change user passwords without knowing the original password. This article continues to discuss the potential exploitation and impact of the Cisco SSM On-Prem bug.

BleepingComputer reports "Cisco SSM On-Prem Bug Lets Hackers Change Any User's Password"

Submitted by grigby1
 
