Cisco’s high-security Smart Software Manager has a critical flaw

Cisco sign

Cisco has disclosed a critical flaw in a product called Cisco Smart Software Manager (SSM) On-Prem, a special version of its SSM software licensing management product aimed at organizations with organizations high security requirements.

Cisco’s SSM On-Prem product for managing software licensing needs has a critical flaw with a severity rating of 9.8 out of 10, which could allow a remote attacker to access a sensitive part of the system with a highly-privileged account. 

The attacker does not need valid credentials to pull off an attack, Cisco warns, and could exploit the bug using this high privilege default account to connect to the affected system and gain read and write access to the system’s data as well as change its settings. 

SSM On-Prem is for customers with “strict security requirements” and want to avoid products communicating with Cisco’s central licensing database on SSM over a direct Internet connection, according to Cisco

SSM On-Prem has a system account outside the purview of the administrator that has a default and static password that was found by IT consultant, Steven Van Loo, founder of Belgium-based IT consultancy, hIQkru.  

Cisco notes that although an attacker could gain access to a sensitive part of the system, the attacker would not have full administrative rights to control the device. 

The flaw affects Cisco Smart Software Manager On-Prem releases earlier than 7-202001, which was released on January 31, 2020. 

However, Cisco adds that the high availability (HA) feature needs to be enabled in order for the device to be vulnerable and that HA is not on by default. 

Admins can check if HA is enabled by looking into the administrative web interface and checking for the “high availability status” widget, which if present, means the feature is enabled and the device is vulnerable. 

Admins can also use the onprem-console and type the ha_status command at the command line interface to determine the status of the device. 

Cisco today also disclosed six high-severity vulnerabilities affecting its Unified Contact Center, the firmware of UCS C-Series Rack Servers, its Email Security Appliance and Security Management Appliance, and Data Center Network Manager. 

The bug affecting Cisco UCS C-Series Rack Servers allows an authenticated attacker with physical access to load a malicious software image onto a vulnerable device by bypassing its Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks. 

This affects multiple Firepower Management Center and Secure Network Server products if they’re running a vulnerable BIOS version. These include:   

  • Firepower Management Center (FMC) 1000 
  • Firepower Management Center (FMC) 2500
  • Firepower Management Center (FMC) 4500 
  • Secure Network Server 3500 Series Appliances
  • Secure Network Server 3600 Series Appliances
  • Threat Grid 5504 Appliance

More details about these and nine more medium severity issues are detailed in Cisco’s latest security advisories dated 19 February 2020


Copyright © 2020 IDG Communications, Inc.

The 10 most powerful cybersecurity companies