The flaw, identified as CVE-2024-20439, affects the Cisco Smart Licensing Utility (CSLU) and allows unauthenticated, remote attackers to gain administrative access to affected systems through an undocumented, static credential.
The vulnerability, classified under CWE-912 (Hidden Functionality), carries a Critical severity with a CVSS base score of 9.8.
According to Cisco’s security advisory, the flaw “could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential.”
This backdoor-like access exists due to hardcoded credentials embedded within the application, providing attackers with full administrative privileges over the CSLU API.
Security researchers have noted that exploitation is relatively straightforward once attackers identify vulnerable systems.
Johannes Ullrich, Dean of Research at the SANS Technology Institute, confirmed that threat actors are actively exploiting this vulnerability, especially after technical details, including the backdoor credentials, were published online.
“It is no surprise that we are seeing some exploit activity,” Ullrich noted after observing attacks in the wild.
Attackers are reportedly chaining CVE-2024-20439 with another critical vulnerability in the same product, CVE-2024-20440 (CVSS 9.8), an information disclosure flaw that enables extraction of sensitive data from debug log files.
The combination of these vulnerabilities creates a particularly dangerous attack vector, allowing attackers to both gain administrative access and harvest credentials for further system compromise.
The threat actors behind these exploitation attempts are also targeting other vulnerabilities, including CVE-2024-0305, which affects Guangzhou Yingke Electronic DVRs.
The summary of the vulnerability is given below:
| Risk Factors | Details |
| --- | --- |
| Affected Products | Cisco Smart Licensing Utility versions 2.0.0 through 2.2.0 (version 2.3.0 is not affected) |
| Impact | Allows unauthenticated, remote attackers to log in using static administrative credentials |
| Exploit Prerequisites | Cisco Smart Licensing Utility is manually started and actively running |
| CVSS 3.1 Score | 9.8 (Critical) |
The vulnerability impacts Cisco Smart Licensing Utility versions 2.0.0 through 2.2.0, with version 2.3.0 confirmed as not vulnerable. CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies apply patches by April 21, 2025.
It’s important to note that these vulnerabilities only affect systems where the CSLU has been manually started, as it doesn’t run in the background by default.
However, even launching the application once on an internet-connected host can create an exploitation opportunity.
Organizations can take the following actions:
Organizations should prioritize addressing this vulnerability given its critical nature, ease of exploitation, and confirmation of active attacks.
As the CISA KEV catalog continues to be the authoritative source for tracking exploited vulnerabilities, security teams should incorporate it into their vulnerability management prioritization frameworks.
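The prioritization the article calls for can be turned into a repeatable triage step. The following script is an added example, not Cisco's or CISA's code: it treats every CSLU build from 2.0.0 up to (but not including) the fixed 2.3.0 as affected (an assumption that extends the advisory's 2.0.0 through 2.2.0 range conservatively), and ranks hosts by the two prerequisites the article names, whether CSLU is currently running and whether the host is internet-exposed. The inventory format and host names are constructed.

```python
"""Triage helper for the CVE-2024-20439 / CVE-2024-20440 advisory (Cisco Smart Licensing Utility)."""
from dataclasses import dataclass

FIRST_AFFECTED = (2, 0, 0)   # advisory: 2.0.0 through 2.2.0 are affected
FIXED = (2, 3, 0)            # advisory: 2.3.0 confirmed not vulnerable

def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH' into a comparable tuple; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) > 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable CSLU version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]

def is_affected(version: str) -> bool:
    # Assumption: every build from 2.0.0 up to (not including) the fixed 2.3.0 is treated as affected.
    return FIRST_AFFECTED <= parse_version(version) < FIXED

@dataclass
class Host:
    name: str
    cslu_version: str
    cslu_running: bool      # advisory: exploitable only while CSLU has been manually started
    internet_exposed: bool  # article: even one launch on an internet-connected host is an opportunity

def priority(host: Host) -> str:
    """Rank remediation urgency from the advisory's exploit prerequisites."""
    if not is_affected(host.cslu_version):
        return "not_affected"
    if host.cslu_running and host.internet_exposed:
        return "critical"   # static credential is reachable right now
    if host.cslu_running or host.internet_exposed:
        return "high"
    return "medium"         # patch before anyone launches CSLU again

def triage(hosts: list[Host]) -> list[tuple[str, str]]:
    """Return (host name, priority) pairs, most urgent first (stable sort keeps inventory order within a tier)."""
    order = {"critical": 0, "high": 1, "medium": 2, "not_affected": 3}
    ranked = [(h.name, priority(h)) for h in hosts]
    return sorted(ranked, key=lambda pair: order[pair[1]])

# Constructed sample inventory (hypothetical hosts, not real systems).
SAMPLE_HOSTS = [
    Host("lic-proxy-01", "2.1.0", cslu_running=True, internet_exposed=True),
    Host("eng-laptop-07", "2.2.0", cslu_running=False, internet_exposed=False),
    Host("dmz-jump-02", "2.0.0", cslu_running=False, internet_exposed=True),
    Host("lic-proxy-02", "2.3.0", cslu_running=True, internet_exposed=True),
]
```

Feed `triage()` your own inventory export; hosts in the "critical" tier are the ones to patch or take offline before the CISA deadline.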
The post CISA Warns of Cisco Smart Licensing Utility Credential Vulnerability Exploited in Attacks appeared first on Cyber Security News.