The vulnerability allows an unauthenticated, remote attacker to change the password of any user, including administrative users.
An attacker can exploit this vulnerability by sending crafted HTTP requests to an affected gear.
This vulnerability affects Cisco SSM On-Prem and Cisco Smart Software Manager Satellite (SSM Satellite).
For releases earlier than Release 7.0, this product was known as Cisco SSM Satellite.
As of Release 7.0, this product is called Cisco SSM On-Prem.
Cisco says thatno workarounds are available to address this vulnerability.
Cisco has also confirmed that this vulnerability does not affect the Cisco Smart Licensing Utility.
source: www.techworm.net
