Cisco Smart Licensing Utility Information Disclosure Vulnerability
CVE-2024-20440

7.5HIGH

Key Information:

Vendor: Cisco
Status: Cisco Smart License Utility
Vendor: CVE Published:; 4 September 2024

Badges

👾 Exploit Exists

Summary

A vulnerability exists in the Cisco Smart Licensing Utility that allows remote attackers to access sensitive information via excessive verbosity in a debug log file. By sending a specially crafted HTTP request to the affected device, an unauthenticated attacker can exploit this issue to extract log files containing sensitive data, including credentials that could be exploited for unauthorized API access. Organizations using the affected versions should assess their exposure and consider implementing mitigations to prevent the unauthorized disclosure of sensitive information.

Affected Version(s)

Cisco Smart License Utility 2.1.0

Cisco Smart License Utility 2.0.0

Cisco Smart License Utility 2.2.0

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Sep 6, 2024
Vulnerability published
Sep 4, 2024