Recent cyberattacks have honed in on two critical vulnerabilities present in the Cisco Smart Licensing Utility (CLSU). These vulnerabilities, known as CVE-2024-20439 and CVE-2024-20440, were identified and subsequently patched by Cisco in September 2024. The first vulnerability, CVE-2024-20439, involves an undocumented static user credential that enables unauthorized individuals to gain administrative access. The second flaw, CVE-2024-20440, takes advantage of excessive verbosity in the log files, potentially allowing attackers to obtain sensitive data such as API credentials.
These vulnerabilities specifically target versions 2.0.0, 2.1.0, and 2.2.0 of the Cisco Smart Licensing Utility. Users running version 2.3.0 are not susceptible to these issues. Exploitation of these vulnerabilities requires the software to be actively running, with attackers utilizing the hardcoded password or detailed log files to gain unauthorized access. Despite the patch release in 2024, threat actors continue to target these vulnerabilities, as evidenced by activity detected by the SANS Internet Storm Center.
Security experts suggest that these vulnerabilities may have been part of a larger, coordinated campaign, with attackers focusing on CLSU instances accessible over the internet. The same threat actors have also been observed targeting other vulnerabilities, including an information disclosure flaw in Guangzhou Yingke Electronic DVRs. While the ultimate motive behind these attacks remains unclear, researchers note a consistent effort to infiltrate and compromise vulnerable systems.
The tactics employed by these attackers indicate a high level of sophistication and strategic planning. Although Cisco has not received any direct reports of malicious exploitation of these vulnerabilities, they strongly advise users to promptly apply the provided patches to mitigate potential risks. The company’s advisory underscores that these vulnerabilities are only exploitable on unpatched systems and highlights the recurring presence of backdoor vulnerabilities in Cisco products, underscoring the ongoing importance of maintaining robust cybersecurity measures.
As the cybersecurity landscape continues to evolve, organizations must remain vigilant against emerging threats and promptly address any vulnerabilities to safeguard their systems and data from malicious actors.
Reference: Cisco