Cisco urges customers using its smart licensing software to upgrade now because of a 9.8/10 severity flaw.
Cisco has disclosed a critical flaw in its Cisco Smart Software Manager On-Prem product, a software-license management tool targeted at organizations with sensitive security requirements.
Cisco's Smart Software Manager (SSM) helps organizations manage Cisco software licensing and product-activation keys, but the company has divulged that the SSM On-Prem component has a critical flaw with a severity rating of 9.8 out of 10.
Cisco says the bug, tracked as CVE-2020-3158, could allow a remote attacker to access a sensitive part of the system with a highly privileged account.
The attacker does not need a valid login to pull off an attack, Cisco warns, and could exploit it using a high-privilege default account to connect to the vulnerable system, gain read and write access to the system's data, and change its settings.
The SSM On-Prem component is for Cisco customers that have "strict" security needs and don't want their Cisco products transmitting data to a central SSM database over the internet. Some customers might know it by its former name, 'Cisco Smart Software Manager satellite'.
IT consultant Steven Van Loo, founder of Belgium-based IT consultancy hIQkru, found the default static password on SSM On-Prem in a system account that's outside the control of the administrator.
Fortunately for Cisco customers around the world, the consultant reported the bug to Cisco, which fixed it in SSM On-Prem release 7-202001, released at the end of January. Devices running earlier releases all share the same static password.