Cisco patches severe password reset flaw that lets hackers hijack SSM On-Prem license servers
In principle, an attacker could use this access to steal licenses, or interfere with or revoke licensed features. However, it’s more likely that a compromise would be used to establish a bridgehead for lateral movement deeper inside the network.
Some better news
There’s an important qualification: any attacker exploiting the flaw would need to initiate a password change to gain access. Given how central licensing is to day-to-day network management, an organization’s admins would surely notice this very quickly. Equally, however, regaining control of a hijacked server would not be quick or easy.
Cisco said that, to date, its product security incident response team (PSIRT) is not aware of any malicious exploits targeting the vulnerability, which indicates that the issue has hopefully been contained.