According to the SANS Internet Storm Center, two security flaws affecting the Cisco Smart Licensing utility see aggressive attempts at exploitation.
The two important assessment vulnerabilities in question are listed below –
CVE-2024-20439 (CVSS score: 9.8) – The existence of undocumented static user credentials for the administrative account that attackers can leverage to log in to the affected system CVE-2024-20440 (CVSS score: 9.8) – The attacker gets the credentials that can be used to access HTTP requests and APIs that can cause vulnerabilities due to vulnerabilities that mean that an attacker will appear
The successful exploitation of the flaw allows an attacker to log into an affected system with administrative privileges and retrieve a log file containing sensitive data containing credentials that can be used to access the API.
That said, vulnerabilities can only be exploited in scenarios where the utility is actively running.
The drawbacks affecting versions 2.0.0, 2.1.0, and 2.2.0 were patched by Cisco in September 2024. Cisco Smart License Utility version 2.3.0 is not affected by two bugs.
As of March 2025, it has been observed that threat actors are actively trying to harness the two vulnerabilities, said Johannes B. Ulrich, dean of research at the SANS Technology Institute, and unidentified threat actors have weaponized other flaws.
Currently, we don’t know what the campaign’s ultimate goal is, or who is behind it. In light of aggressive abuse, it is essential for users to apply the necessary patches for optimal protection.
Source link
