Unauthenticated Remote Attackers Can Log in to Cisco Systems with Administrative Privileges

CVE-2024-20439

9.8CRITICAL

Key Information

Vendor: Cisco
Status: Cisco Smart License Utility
Vendor: CVE Published:; 4 September 2024

Badges

👾 Exploit Exists

Summary

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential.

This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to log in to the affected system. A successful exploit could allow the attacker to log in to the affected system with administrative privileges over the API of the Cisco Smart Licensing Utility application.

Affected Version(s)

Cisco Smart License Utility = 2.1.0

Cisco Smart License Utility = 2.0.0

Cisco Smart License Utility = 2.2.0

References

https://sec.cloudapps.cisco.com/security/center/content/C...

EPSS Score

16% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Sep 6, 2024
Vulnerability published
Sep 4, 2024

Collectors

NVD DatabaseMitre Database