Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2024-20419

🗓️ 17 Jul 2024 16:27:35Reported by ciscoType 
cve
 cve🔗 web.nvd.nist.gov📰️ 8 Media mentions👁 272 Views🌐 WEB

Vulnerability in Cisco Smart Software Manager On-Prem authentication syste

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
BDU FSTEC		The vulnerability of the Cisco Smart Software Manager On-Premium software authentication system, which stems from the lack of necessary checks during password changes, allows attackers to gain access to the administration web interface.
23 Jul 202400:00
bdu_fstec
Circl		CVE-2024-20419
17 Jul 202419:53
circl
Cisco		Cisco Smart Software Manager On-Prem Password Change Vulnerability
17 Jul 202416:00
cisco
Tenable Nessus		Cisco Smart Software Manager On-Prem Password Change (cisco-sa-cssm-auth-sLw3uhUy)
9 Aug 202400:00
nessus
Tenable Nessus		Cisco Smart Software Manager On-Prem Password Change Vulnerability (CVE-2024-20419) (Direct Check)
8 Aug 202400:00
nessus
Cvelist		CVE-2024-20419
17 Jul 202416:27
cvelist
Exploit DB		Cisco Smart Software Manager On-Prem 8-202206 - Account Takeover
10 Apr 202500:00
exploitdb
Metasploit		Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419)
24 Sep 202418:53
metasploit
NCSC		Vulnerability fixed in Cisco Smart Software Manager On-Prem
19 Jul 202413:06
ncsc
Nuclei		Cisco SSM On-Prem <= 8-202206 - Password Reset Account Takeover
18 Jun 202612:11
nuclei
Rows per page
NVD
Node
ciscosmart_software_manager_on-premRange<8-202112
[
  {
    "vendor": "Cisco",
    "product": "Cisco Smart Software Manager On-Prem",
    "versions": [
      {
        "version": "8-202206",
        "status": "affected"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
hostnamequery param/backend/settings/oauth_adfsObtain XSRF token required for subsequent privileged requests via oauth_adfs endpointCWE-620
uidrequest body/backend/reset_password/generate_codeGenerate an auth_token used to reset a user passwordCWE-620
uidrequest body/backend/reset_passwordReset the specified user's password using an auth_tokenCWE-620
auth_tokenrequest body/backend/reset_passwordReset the specified user's password using an auth_tokenCWE-620
passwordrequest body/backend/reset_passwordReset the specified user's password using an auth_tokenCWE-620
password_confirmationrequest body/backend/reset_passwordReset the specified user's password using an auth_tokenCWE-620
usernamerequest body/backend/auth/identity/callbackAuthenticate with the new password to verify on loginCWE-620
passwordrequest body/backend/auth/identity/callbackAuthenticate with the new password to verify on loginCWE-620

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Jun 2026 07:07Current
7.6High risk
Vulners AI Score7.6
CVSS 3.110
EPSS0.80767
SSVC
CWE-620In Wild
cisco smart softwarevulnerabilityauthenticationremote attackerpassword change
272