How severe is CVE-2024-20419?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 10 out of 10.

What type of vulnerability is CVE-2024-20419?

This is classified as CWE-620, which is a common weakness in software security.

CVE-2024-20419

CRITICAL Year: 2024

CVSS v3 Score

10.0

Critical

Weakness Type

CWE-620

View all →

Vulnerability Description

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.

CVE-2025-1107

CRITICAL

CVSS:9.9(Critical)

Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To expl...

CWE-6202025

CVE-2024-12824

CRITICAL

CVSS:9.8(Critical)

The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly...

CWE-6202024

CVE-2024-12860

CRITICAL

CVSS:9.8(Critical)

The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugi...

CWE-6202024

CVE-2024-13375

CRITICAL

CVSS:9.8(Critical)

The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a user...

CWE-6202024

CVE-2024-26520

CRITICAL

CVSS:9.8(Critical)

An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authentication and perform arbitrary password resets...

CWE-6202024

CVE-2024-37998

CRITICAL

CVSS:9.8(Critical)

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affect...

CWE-6202024

CVE-2024-20419

Vulnerability Description

Related Vulnerabilities

CVE-2025-1107

CVE-2024-12824

CVE-2024-12860

CVE-2024-13375

CVE-2024-26520

CVE-2024-37998