• AutoTL;DR
    22 months ago

    This is the best summary I could come up with:


    Cisco on Wednesday disclosed a maximum-security vulnerability that allows remote threat actors with no authentication to change the password of any user, including those of administrators with accounts, on Cisco Smart Software Manager On-Prem devices.

    In a bulletin, Cisco warns that the product contains a vulnerability that allows hackers to change any account’s password.

    “This vulnerability is due to improper implementation of the password-change process,” the Cisco bulletin stated.

    “An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device.

    A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.”

    One possibility is that the web user interface and application programming interface the attacker gains administrative control over make it possible to pivot to other Cisco devices connected to the same network and, from there, steal data, encrypt files, or perform similar actions.


    The original article contains 272 words, the summary contains 148 words. Saved 46%. I’m a bot and I’m open source!