Urgent Patch Needed For CVE-2024-20439 And CVE-2024-20440

The SANS Technology Institute has issued a critical warning to organizations using Cisco’s Smart Licensing Utility (CSLU), urging them to take immediate action to address two serious vulnerabilities that could pose cybersecurity risks. These vulnerabilities, first disclosed by Cisco in September 2024, have been identified as CVE-2024-20439 and CVE-2024-20440, and have the potential to allow attackers to gain unauthorized access to sensitive information or even take control of affected systems.

The Cisco Smart Licensing Utility (CSLU) is commonly used in smaller, on-premises, and air-gapped networks to manage licenses for Cisco products. This utility offers a simpler way to handle licensing in isolated environments compared to the cloud-based Cisco Smart Licensing system. However, the vulnerabilities CVE-2024-20439 and CVE-2024-20440 have raised concerns due to their ability to expose critical systems to cyberattacks.

CVE-2024-20439, also known as the Static Credential Vulnerability, allows attackers to exploit an undocumented static user credential, granting them administrative access to systems running the affected versions of Cisco Smart Licensing Utility. This flaw can be exploited remotely, even by unauthenticated users, providing attackers with full administrative privileges through the application’s API. The second vulnerability, CVE-2024-20440, is an Information Disclosure Vulnerability that arises from excessive verbosity in a debug log file, potentially exposing sensitive information, including credentials.

Exploitation attempts for these vulnerabilities have already been detected, with attackers targeting the backdoor credentials that were initially revealed shortly after Cisco’s public advisory in September. Security researcher Nicholas Starke had reverse-engineered the flaws and shared the backdoor credentials on his blog, making it easier for attackers to exploit the vulnerabilities.

To mitigate the risks posed by these vulnerabilities, Cisco has confirmed that no workarounds are available, so organizations must apply the patches Cisco has released. Organizations running the affected versions 2.0.0, 2.1.0, or 2.2.0 are advised to upgrade to version 2.3.0 or later to ensure their systems are no longer vulnerable.
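As an added illustration (not code from the article or from Cisco's own tooling), the following Python flags inventoried CSLU builds that fall below the fixed release named above and scans a constructed debug-log excerpt for credential-bearing lines of the kind an over-verbose log can expose (the CVE-2024-20440 class). The log format, field names and sample values are assumptions made for the example.

```python
import re
from typing import List, Tuple

# Affected and fixed CSLU releases as stated in the article.
AFFECTED_VERSIONS = {"2.0.0", "2.1.0", "2.2.0"}
FIXED_VERSION = (2, 3, 0)

def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.2.0' into (2, 2, 0) so releases compare numerically, not lexically."""
    return tuple(int(part) for part in version.strip().split("."))

def needs_patch(version: str) -> bool:
    """True when a CSLU build is a listed affected release or anything older than 2.3.0."""
    return version in AFFECTED_VERSIONS or parse_version(version) < FIXED_VERSION

# Secret shapes a debug log should never carry: HTTP Authorization headers and
# password/token style key=value fields. Patterns are assumptions, not CSLU's format.
SECRET_PATTERNS = [
    re.compile(r"Authorization:\s*(Basic|Bearer)\s+\S+", re.I),
    re.compile(r"\b(password|passwd|pwd|secret|token)\s*[=:]\s*\S+", re.I),
]

def find_leaked_secrets(log_lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_number, matched_text) for every line that exposes a credential."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        for pattern in SECRET_PATTERNS:
            match = pattern.search(line)
            if match:
                hits.append((number, match.group(0)))
                break  # one finding per line is enough to flag it
    return hits

# Constructed sample excerpt; the two DEBUG lines model what excessive verbosity leaks.
SAMPLE_DEBUG_LOG = [
    "2024-09-10 08:00:01 DEBUG scheduler: starting license sync job",
    "2024-09-10 08:00:02 DEBUG http: GET /api/ HTTP/1.1 Authorization: Basic QUJDREVG==",
    "2024-09-10 08:00:03 INFO  lic: registered 4 devices",
    "2024-09-10 08:00:04 DEBUG config: user=admin password=Placeh0lder!",
]

if __name__ == "__main__":
    for build in ("2.1.0", "2.3.0"):
        print(build, "needs patch" if needs_patch(build) else "fixed")
    for number, text in find_leaked_secrets(SAMPLE_DEBUG_LOG):
        print(f"line {number}: leaked {text!r}")
```

Run the log scan against a real debug file only after stripping or rotating it, since the scan itself reads the same secrets it flags.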

The situation underscores the importance of timely software updates to prevent exploitation, especially with active attacks already detected targeting CSLU. Organizations are strongly encouraged to take immediate action to secure their systems by applying the necessary patches. For more information and assistance, users can visit Cisco’s advisory page or reach out to Cisco support.

In conclusion, the vulnerabilities in Cisco’s Smart Licensing Utility pose significant risks to organizations, and prompt action is essential to protect critical systems from potential cyberattacks. Update to the latest versions and stay informed about cybersecurity measures to safeguard your network infrastructure.
