Cisco Smart Software Manager On-Prem (SSM On-Prem) is susceptible to an account takeover vulnerability, which can be exploited by an unauthenticated attacker to gain unauthorized access and control over user accounts, including administrative accounts.
Exploit
- An attacker within range of the Sophos captive portal can cause a denial of service by sending specially crafted HTTP requests to the portal, which can disconnect the targeted devices from the internet and force them to log in again.
- An authenticated threat actor can escalate their privileges to system administrator by exploiting a couple of endpoints via specially crafted HTTP requests.
- An authenticated threat actor can execute commands on the operating system (BusyBox) of the ATCOM A10/A11 devices using a specially crafted HTTP request. If appropriate security controls are not in place, this vulnerability can serve as a foothold for threat actors to establish persistent access within the affected organization's network.
- FortiRecorder is susceptible to an uncontrolled resource consumption vulnerability [CWE-400], which can be exploited by an unauthenticated attacker through crafted GET/POST requests to make the device unavailable.