Cisco Issues Emergency Patch for SSM On-Prem Vulnerability That Can Be Used to Change Passwords
Payment News · 2024-07-18

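On July 17, Cisco announced a patch for CVE-2024-20419, a security vulnerability with a CVSS score of 10 that allows an unauthenticated attacker to remotely change the password of any SSM On-Prem user.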

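On Wednesday (7/17), Cisco released an emergency patch for a security vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem). Tracked as CVE-2024-20419, the vulnerability allows an unauthenticated attacker to remotely change the password of any SSM On-Prem user, including users with administrative privileges.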

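SSM On-Prem is Cisco's on-premises deployment solution, used mainly to manage and monitor Cisco licenses inside an enterprise. The vulnerability affects Cisco SSM On-Prem and SSM Satellite. According to Cisco, these are the same product: it was called SSM Satellite before release 7.0 and was renamed Cisco SSM On-Prem starting with 7.0.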

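According to Cisco, the vulnerability stems from improper implementation of the password-change process. An attacker only needs to send a crafted HTTP request to an affected device to trigger it, which allows the attacker to access the web interface or API with the privileges of the compromised user. Its CVSS score is 10.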

Cisco has not yet received any reports of CVE-2024-20419 being exploited, but stresses that there is no workaround other than deploying the patch.
