Unauthenticated Remote Attackers Can Log in to Cisco Systems with Administrative Privileges
CVE-2024-20439

9.8 CRITICAL

Key Information:

Vendor: Cisco
CVE Published: 4 September 2024

Badges

Trended · Score: 5,990 · Ransomware · Exploit Exists · EPSS 89% · CISA Reported · News Worthy

What is CVE-2024-20439?

CVE-2024-20439 is a critical vulnerability in the Cisco Smart Licensing Utility, a tool organizations use to manage license compliance and usage for Cisco products. The vulnerability allows unauthenticated remote attackers to gain access to systems with administrative privileges by using static credentials associated with an administrative account. The flaw poses a significant risk to organizations, as unauthorized access could lead to manipulation of the licensing environment, system configurations, and potentially the broader network infrastructure.

Technical Details

The vulnerability arises from an undocumented static user credential for an administrative account within the Cisco Smart Licensing Utility. Because the credential is static, an attacker does not need to authenticate as a legitimate user; they can access the system directly through the application's API. This design flaw enables malicious actors to log in as an administrator and perform actions that are normally restricted to authorized personnel, creating a pathway for deep and potentially damaging interference with the affected systems.

Potential impact of CVE-2024-20439

  1. Unauthorized System Access: The primary impact of CVE-2024-20439 is the unauthorized login by attackers, which allows them to access critical administrative functions. This can lead to full control over the licensing utility and related systems.

  2. Manipulation of Licensing Information: Attackers gaining administrative privileges could alter or delete licensing data, leading to compliance violations that may incur financial penalties and damage organizational credibility.

  3. Broader Network Compromise: With administrative access, an attacker could exploit the vulnerability to expand their reach, leading to further network compromises and the potential for extensive data breaches across interconnected systems.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change quickly, as recent news articles suggest the vulnerability is being used by ransomware groups.

CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Cisco Smart License Utility 2.1.0

Cisco Smart License Utility 2.0.0

Cisco Smart License Utility 2.2.0

News Articles

Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439) - Help Net Security

CVE-2024-20439, a static credential vulnerability in the Cisco Smart Licensing Utility, is being exploited by attackers, CISA warned.

2 weeks ago

Cisco confirms cyberattacks on Smart Licensing Utility flaw

CISA earlier this week added CVE-2024-20439, a static credential vulnerability in the license management app, to its known exploited vulnerabilities catalog.

2 weeks ago

EPSS Score

89% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Used in Ransomware

  • CISA Reported

  • Vulnerability started trending

  • First article discovered by Stormshield

  • Exploit known to exist

  • Vulnerability published