Two critical security flaws in Cisco Smart Licensing Utility have seen active exploitation attempts, according to SANS Internet Storm Center. The vulnerabilities, tracked as CVE-2024-20439 and CVE-2024-20440, each carry a CVSS score of 9.8 and are rated Critical.
The first vulnerability (CVE-2024-20439) involves an undocumented static user credential for an administrative account, which can be exploited to log in to the affected system. The second vulnerability (CVE-2024-20440) is caused by excessively verbose debug log files that can be accessed using a crafted HTTP request, allowing attackers to obtain credentials.
Successful exploitation of these flaws grants access to sensitive data and API credentials, but only if the utility is actively running. Cisco patched the affected versions (2.0.0, 2.1.0, and 2.2.0) of the Smart Licensing Utility in September 2024; version 2.3.0 is not susceptible.
Threat actors are attempting to exploit these vulnerabilities, as well as another information disclosure flaw (CVE-2024-0305). However, it’s unclear what the end goal of the campaign is or who is behind it. Given active abuse, it’s essential to apply the necessary patches for optimal protection.
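Because exposure depends on both the installed version and whether the utility is running, a triage pass over an asset inventory is the practical first step. The following is an added example (not from the article or from Cisco): it classifies hosts from a constructed inventory using only the version facts stated above; the inventory record format and host names are assumptions, and how you collect the version and process state is deployment-specific.

```python
"""Triage hosts for the Cisco Smart Licensing Utility (CSLU) flaws.

Added example: inventory format (name, version, running) is an assumption;
real records would come from your asset inventory or endpoint agent.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Versions the article names as affected; 2.3.0 is not susceptible.
AFFECTED = {"2.0.0", "2.1.0", "2.2.0"}
FIXED = (2, 3, 0)


@dataclass
class Host:
    name: str
    cslu_version: Optional[str]  # None when CSLU is not installed
    running: bool                 # is the utility currently running?


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.2.0' into (2, 2, 0); raises ValueError on malformed input."""
    return tuple(int(p) for p in v.strip().split("."))


def classify(host: Host) -> str:
    if host.cslu_version is None:
        return "not_installed"
    try:
        ver = parse_version(host.cslu_version)
    except ValueError:
        return "unknown_version"          # needs manual follow-up
    if ver >= FIXED:
        return "not_affected"
    if host.cslu_version.strip() not in AFFECTED:
        return "review_manually"          # version not named in the article
    # Affected build: the flaws are only reachable while the utility runs.
    return "exposed" if host.running else "vulnerable_not_running"


def triage(hosts: List[Host]) -> Dict[str, str]:
    return {h.name: classify(h) for h in hosts}


# Constructed sample inventory (not real hosts)
SAMPLE = [
    Host("lab-win-01", "2.2.0", running=True),
    Host("lab-win-02", "2.1.0", running=False),
    Host("lab-win-03", "2.3.0", running=True),
    Host("lab-win-04", None, running=False),
    Host("lab-win-05", "2.x", running=True),
]

if __name__ == "__main__":
    for name, status in triage(SAMPLE).items():
        print(f"{name}: {status}")
```

Hosts reported as "exposed" are the patch-first set; "vulnerable_not_running" hosts still need the update before the utility is next started.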
Source: https://thehackernews.com/2025/03/ongoing-cyber-attacks-exploit-critical.html