Lucene search
K

CVE-2024-20419

🗓️ 17 Jul 2024 16:27:35Reported by ciscoType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 8 Media mentions👁 276 Views🌐 WEB

Vulnerability in Cisco Smart Software Manager On-Prem authentication syste

Related
Detection
Affected
Refs
Paths
Social
NVD
[
  {
    "vendor": "Cisco",
    "product": "Cisco Smart Software Manager On-Prem",
    "versions": [
      {
        "version": "8-202206",
        "status": "affected"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
hostnamequery parambackend/settings/oauth_adfsObtain XSRF token for further privileged actions via unauthenticated access to oauth_adfsCWE-620
uidrequest bodybackend/reset_password/generate_codeGenerate an auth_token using user UID to enable password resetCWE-620
auth_token? (not provided; see payload)request bodybackend/reset_password/generate_codeGenerate an auth_token using user UID to enable password resetCWE-620
uidrequest bodybackend/reset_passwordReset the password for a given user using an obtained auth_tokenCWE-620
auth_tokenrequest bodybackend/reset_passwordReset the password for a given user using an obtained auth_tokenCWE-620
passwordrequest bodybackend/reset_passwordReset the password for a given user using an obtained auth_tokenCWE-620
password_confirmationrequest bodybackend/reset_passwordReset the password for a given user using an obtained auth_tokenCWE-620
common_namerequest bodybackend/reset_passwordReset the password for a given user using an obtained auth_tokenCWE-620
usernamerequest bodybackend/auth/identity/callbackAuthenticate with the new password to confirm takeoverCWE-620
passwordrequest bodybackend/auth/identity/callbackAuthenticate with the new password to confirm takeoverCWE-620
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 07:07Current
7.6High risk
Vulners AI Score7.6
CVSS 3.110
EPSS0.80635
SSVC
276