HomeCII/OTAttackers are exploiting Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439)

Attackers are exploiting Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439)

Published on

spot_img

In a recent revelation, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed the exploitation of CVE-2024-20439, a static credential vulnerability found in the Cisco Smart Licensing Utility. This alarming discovery has prompted CISA to add the flaw to its Known Exploited Vulnerabilities catalog, indicating that attackers have been actively taking advantage of this security vulnerability in the wild.

Following CISA’s announcement, Cisco has issued a confirmation and has updated its security advisory to address not only CVE-2024-20439 but also CVE-2024-20440, an information disclosure flaw within the same software. The Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of CVE-2024-20439 in March 2025, highlighting the urgency of addressing these vulnerabilities.

The exploitation of CVE-2024-20439 and possibly CVE-2024-20440 was brought to light by Johannes Ullrich, the Dean of Research at the SANS Technology Institute, who flagged the exploit attempts in a recent report. These vulnerabilities pose a serious threat to the security and integrity of Cisco customers using the Smart License Utility Manager (CSLU) application to manage licenses and product instances.

CVE-2024-20439 allows remote attackers to access an affected system using a static administrative credential, granting them unauthorized access with administrative privileges. On the other hand, CVE-2024-20440 enables attackers to retrieve sensitive data, such as API credentials, by sending a specially crafted HTTP request to the targeted device.

While Cisco had released a patched version of the software (2.3.0) in September 2024 to address these vulnerabilities, it was only in March 2025 that security researchers observed exploitation attempts in the wild. It is essential for Cisco customers to upgrade to the latest version of the software to mitigate the risk posed by these vulnerabilities.

The vulnerabilities can only be exploited when the utility is actively running, but they can be exploited independently of each other, increasing the potential threat to affected systems. Security researcher Nicholas Starke had previously highlighted the static admin credential issue in CVE-2024-20439, emphasizing the importance of addressing these vulnerabilities promptly.

In response to these cybersecurity threats, CISA has issued a directive for US federal agencies to apply mitigations as per vendor instructions, follow relevant guidance for cloud services, or discontinue the use of the product if necessary by April 21. This underscores the critical nature of addressing these vulnerabilities to prevent further exploitation and potential data breaches.

In conclusion, the exploitation of CVE-2024-20439 and CVE-2024-20440 underscores the importance of proactive cybersecurity measures and timely software updates to mitigate the risks posed by such vulnerabilities. It is crucial for organizations using the Cisco Smart Licensing Utility to prioritize security updates and follow best practices to safeguard their systems against potential cyber threats.

Source link

Latest articles

Citrix Secure Access Client Vulnerability Allows Low-Privileged Windows Users to Attain SYSTEM Privileges

Cloud Software Group has recently alerted users to significant vulnerabilities affecting both the Citrix...

Ransomware Disrupts Fairlife Dairy Production

Production Halted at Fairlife Dairy Facilities Following Ransomware Attack In a significant cybersecurity incident, Fairlife,...

OpenSSL DoS Vulnerability Allows Remote Attackers to Deplete Server Memory with a Simple 11-Byte Payload

Newly Disclosed OpenSSL Vulnerability Underscores Reliance on Foundational Libraries Recent findings have unveiled a vulnerability...

GigaWiper by CyberMaterial and Sofia

GigaWiper: The Malware that Redefines Cyber Threats In the realm of cybersecurity, malware has traditionally...

More like this

Citrix Secure Access Client Vulnerability Allows Low-Privileged Windows Users to Attain SYSTEM Privileges

Cloud Software Group has recently alerted users to significant vulnerabilities affecting both the Citrix...

Ransomware Disrupts Fairlife Dairy Production

Production Halted at Fairlife Dairy Facilities Following Ransomware Attack In a significant cybersecurity incident, Fairlife,...

OpenSSL DoS Vulnerability Allows Remote Attackers to Deplete Server Memory with a Simple 11-Byte Payload

Newly Disclosed OpenSSL Vulnerability Underscores Reliance on Foundational Libraries Recent findings have unveiled a vulnerability...