Cisco Smart Licensing Utility Information Disclosure Vulnerability

CVE-2024-20440

7.5HIGH

Key Information

Vendor: Cisco
Status: Cisco Smart License Utility
Vendor: CVE Published:; 4 September 2024

Badges

👾 Exploit Exists

Summary

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information.

This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API.

Affected Version(s)

Cisco Smart License Utility = 2.1.0

Cisco Smart License Utility = 2.0.0

Cisco Smart License Utility = 2.2.0

References

https://sec.cloudapps.cisco.com/security/center/content/C...

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Sep 6, 2024
Vulnerability published
Sep 4, 2024

Collectors

NVD DatabaseMitre Database