HTTP: Cisco Smart Software Manager On-Prem Account Takeover

This signature detects attempts to exploit a known vulnerability against Cisco Smart Software Manager. A successful attack can lead to elevation of privilege and arbitrary code execution.

Extended Description

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.

This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.

Short Name
HTTP:CISCO:SSM-ON-PREM-ACC-TKVR
Severity
Critical
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Account CVE-2024-20419 Cisco Manager On-Prem Smart Software Takeover
Release Date
09/19/2025
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3846
False Positive
Occasionally
