✈️ Ongoing cyberattacks exploit critical vulnerabilities in Cisco Smart Licensing Utility

chushpan

Professional
Messages
1,088
Reaction score
1,304
Points
113
👉 According to the SANS Internet Storm Center, two patched security vulnerabilities in Cisco Smart Licensing Utility are being actively exploited.

🗞 The two vulnerabilities with a critical rating are listed below.

▫️ CVE-2024-20439 (CVSS score: 9.8) - The presence of undocumented static user credentials for an administrative account that an attacker can use to log into an affected system.
▫️ CVE-2024-20440 (CVSS score: 9.8) - An overly verbose debug log file that an attacker can retrieve with a crafted HTTP request, obtaining credentials that can be used to access the API.

📰 Successful exploitation of the vulnerability could allow an attacker to log in to an affected system with administrative privileges and obtain log files containing sensitive data, including credentials that can be used to access the API.

📰 However, the vulnerabilities can only be exploited in scenarios where the utility is actively running.

📌 The flaws affecting versions 2.0.0, 2.1.0, and 2.2.0 were fixed by Cisco in September 2024. Cisco Smart Licensing Utility version 2.3.0 is not affected by these two bugs.
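A small triage helper, added here as an example and not part of the post or of any Cisco tooling: it reads a software inventory and sorts hosts into buckets using only the facts stated above (2.0.0, 2.1.0 and 2.2.0 affected, 2.3.0 fixed, exploitation requires the utility to be running). The inventory format, hostnames and version strings are constructed for the example.

```python
"""Triage a software inventory against the Cisco Smart Licensing Utility
advisory summary (CVE-2024-20439 / CVE-2024-20440).

Added example, not from the post or from Cisco. Affected and fixed versions
are taken from the post; the CSV layout and host rows are constructed.
"""
import csv
import io
from dataclasses import dataclass

AFFECTED_VERSIONS = {"2.0.0", "2.1.0", "2.2.0"}  # listed in the post
FIXED_VERSION = (2, 3, 0)                          # release the post calls unaffected


@dataclass
class Host:
    name: str
    slu_version: str
    slu_running: bool


def parse_version(text: str) -> tuple:
    """Turn '2.3.0' into (2, 3, 0) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in text.strip().split("."))


def classify(host: Host) -> str:
    """Map one host to a triage bucket.

    - 'vulnerable-exposed': affected build and the utility is running, so the
      static-credential and debug-log flaws are reachable right now.
    - 'vulnerable-dormant': affected build but the utility is not running; the
      post notes the flaws need it running, yet the host still needs 2.3.0.
    - 'patched': 2.3.0 or later.
    - 'unlisted': a version string the post does not cover (or one that does
      not parse); verify against the vendor advisory instead of guessing.
    """
    if host.slu_version in AFFECTED_VERSIONS:
        return "vulnerable-exposed" if host.slu_running else "vulnerable-dormant"
    try:
        if parse_version(host.slu_version) >= FIXED_VERSION:
            return "patched"
    except ValueError:
        pass  # unparsable version string falls through to 'unlisted'
    return "unlisted"


def triage(inventory_csv: str) -> dict:
    """Return {hostname: bucket} for every row of a 'host,slu_version,slu_running' CSV."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    result = {}
    for row in reader:
        host = Host(
            name=row["host"],
            slu_version=row["slu_version"],
            slu_running=row["slu_running"].strip().lower() == "yes",
        )
        result[host.name] = classify(host)
    return result


# Constructed inventory for the example; hostnames and versions are made up.
CONSTRUCTED_INVENTORY = """\
host,slu_version,slu_running
lic-srv-01,2.2.0,yes
lic-srv-02,2.3.0,yes
lic-srv-03,2.1.0,no
lab-box-07,2.2,yes
"""

if __name__ == "__main__":
    for name, bucket in sorted(triage(CONSTRUCTED_INVENTORY).items(), key=lambda kv: kv[1]):
        print(f"{name:12s} {bucket}")
```

The 'vulnerable-exposed' bucket is the one to act on first; 'vulnerable-dormant' hosts are not reachable through these two flaws today but become exposed the moment someone starts the utility, so they belong in the same patch cycle.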