Cisco CVE-2024-20439, CVE-2024-20440

Since March 20, attackers have actively exploited CVE-2024-20439 and CVE-2024-20440 in Cisco’s Smart Licensing Utility to gain unauthorized system access.

🦠 Why It Matters: Cisco’s infrastructure is deeply embedded across sectors. These flaws pose systemic risks, especially to unmanaged or unsegmented environments.

👉 Actionable Insight: Patch Cisco products immediately. Implement microsegmentation and endpoint detection rules tailored to licensing utility behaviors.

On September 4, 2024, Cisco released fixes for two critical vulnerabilities in Cisco Smart Licensing Utility (CSLU), a tool used to manage licenses across Cisco products in a network. Cisco has stated that these vulnerabilities are only exploitable if the Smart Licensing Utility is actively running and has been started by a user. 

  • CVE-2024-20439 (Static Credential Vulnerability) – Allows unauthenticated, remote attackers to gain administrative access by leveraging a static, undocumented credential. Using this static credential, an attacker can log in to the system with full administrative privileges through the application’s API. 
  • CVE-2024-20440 (Information Disclosure Vulnerability) – Allows unauthenticated, remote attackers to access sensitive information due to overly detailed logging in a debug log file. By sending a specially crafted HTTP request to an affected device, an attacker could retrieve log files containing sensitive data, such as credentials for API access. 
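An added example, not code from the original post or from Cisco, of the kind of detection rule the Actionable Insight above calls for: it scans constructed HTTP access log lines for the two behaviours described, an API login from outside the management segment (where only the static credential would let an outsider in) and retrieval of a log file over HTTP. The log format, the `/api/login` path, the log-file pattern and the `10.20.30.0/24` management segment are all assumptions, not CSLU specifics.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample access log lines (format is assumed; not real CSLU logs).
SAMPLE_LOG = """\
2024-09-05T10:01:02Z 10.20.30.5 POST /api/login 200
2024-09-05T10:01:09Z 198.51.100.77 POST /api/login 200
2024-09-05T10:02:15Z 198.51.100.77 GET /api/admin/licenses 200
2024-09-05T10:03:40Z 203.0.113.9 GET /logs/debug.log 200
2024-09-05T10:04:00Z 10.20.30.5 GET /api/status 200
"""

# Fields: timestamp, source IP, method, path, HTTP status.
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

# Management segment allowed to reach the licensing utility (microsegmentation policy).
MGMT_SEGMENT = ipaddress.ip_network("10.20.30.0/24")
# Hypothetical endpoint names: adjust to what the deployed instance actually exposes.
LOGIN_PATH = "/api/login"
LOG_FILE_RE = re.compile(r"\.log($|\?)", re.IGNORECASE)


@dataclass(frozen=True)
class Alert:
    rule: str
    src: str
    path: str


def detect(log_text: str, mgmt_net: ipaddress.IPv4Network = MGMT_SEGMENT) -> list[Alert]:
    """Return one Alert per suspicious request found in the access log."""
    alerts: list[Alert] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate malformed lines instead of crashing the detector
        _ts, src, method, path, status = m.groups()
        outside = ipaddress.ip_address(src) not in mgmt_net
        # Rule 1: successful API login from outside the management segment.
        if method == "POST" and path == LOGIN_PATH and status == "200" and outside:
            alerts.append(Alert("cslu-login-outside-mgmt", src, path))
        # Rule 2: any attempt to fetch a log file over HTTP, regardless of status.
        if method == "GET" and LOG_FILE_RE.search(path):
            alerts.append(Alert("cslu-logfile-retrieval", src, path))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a)
```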

Note: These vulnerabilities do not impact Cisco’s Smart Software Manager On-Prem or Satellite. 

Vulnerable Products

These vulnerabilities affect systems regardless of software configuration if they are running a vulnerable release of Cisco Smart Licensing Utility.

Note: These vulnerabilities are not exploitable unless a user has started the Cisco Smart Licensing Utility and it is actively running.

For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory are known to be affected by these vulnerabilities.

Cisco has confirmed that these vulnerabilities do not affect the following Cisco products:

  • Smart Software Manager On-Prem
  • Smart Software Manager Satellite
