✈️ Ongoing cyberattacks exploit critical vulnerabilities in Cisco Smart Licensing Utility

chushpan

chushpan

Professional
Messages
661
Reaction score
449
Points
63
👉 According to the SANS Internet Storm Center, two patched security vulnerabilities in Cisco Smart Licensing Utility are being actively exploited.

🗞 The two vulnerabilities with a critical rating are listed below.

▫️ CVE-2024-20439 (CVSS score: 9.8) - The presence of undocumented static user credentials for an administrative account that an attacker can use to log into an affected system.
▫️ CVE-2024-20440 (CVSS score: 9.8) - A vulnerability arises due to an overly detailed debug log file, which an attacker can use to access such files using a forged HTTP request and obtain credentials that can be used to access the API.

📰 Successful exploitation of the vulnerability could allow an attacker to log in to an affected system with administrative privileges and obtain log files containing sensitive data, including credentials that can be used to access the API.

📰 However, the vulnerabilities can only be exploited in scenarios where the utility is actively running.

📌 The flaws affecting versions 2.0.0, 2.1.0, and 2.2.0 were fixed by Cisco in September 2024. Cisco Smart License Utility version 2.3.0 is not affected by these two bugs.
 
You must log in or register to reply here.

Similar threads

chushpan
💻 VMware security flaws are being exploited in the wild - Broadcom releases urgent fixes
Replies
0
Views
105
chushpan
chushpan
Man
Critical vulnerabilities in Fortinet and Ivanti compromise U.S. security
Replies
0
Views
109
Man
Man
Man
Needrestart: A Useful Linux Utility or an Open Door for Hackers?
Replies
0
Views
100
Man
Man
Man
CISA: Four Critical Vulnerabilities Require Immediate Action
Replies
0
Views
140
Man
Man
Man
Seven Keys to Data: What Are the Most Fashionable Vulnerabilities for Cybercriminals
Replies
0
Views
74
Man
Man
Back
Top