Cisco Smart Licensing Utility Information Disclosure Vulnerability
CVE-2024-20440
Key Information:
- Vendor
- Cisco
- Vendor
- CVE Published:
- 4 September 2024
Badges
Summary
A vulnerability exists in the Cisco Smart Licensing Utility that allows remote attackers to access sensitive information via excessive verbosity in a debug log file. By sending a specially crafted HTTP request to the affected device, an unauthenticated attacker can exploit this issue to extract log files containing sensitive data, including credentials that could be exploited for unauthorized API access. Organizations using the affected versions should assess their exposure and consider implementing mitigations to prevent the unauthorized disclosure of sensitive information.
Affected Version(s)
Cisco Smart License Utility 2.1.0
Cisco Smart License Utility 2.0.0
Cisco Smart License Utility 2.2.0
Get notified when SecurityVulnerability.io launches alerting 🔔
Well keep you posted 📧
News Articles
Cyber Security Agency of SingaporeActive Exploitation of Vulnerabilities in Cisco Smart Licensing Utility
There have been reports of active exploitation of vulnerabilities in unpatched Cisco Smart Licensing Utility instances.
4 weeks ago
The Cyber ExpressUrgent Patch Needed For CVE-2024-20439 And CVE-2024-20440
Cisco alerts users to critical vulnerabilities CVE-2024-20439 and CVE-2024-20440 in CSLU.
4 weeks ago
Hackers Target Cisco Smart Licensing Utility Vulnerabilities
SANS is seeing attempts to exploit two critical Cisco Smart Licensing Utility vulnerabilities tracked as CVE-2024-20439 and CVE-2024-20440.
1 month ago
References
EPSS Score
82% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 📰
First article discovered by GBHackers News
- 👾
Exploit known to exist
Vulnerability published