Cisco has disclosed critical vulnerabilities in its Smart Licensing Utility software, identified as CVE-2024-20439 and CVE-2024-20440, which could allow unauthenticated, remote attackers to gain administrative access or collect sensitive information from compromised systems.
These flaws, rated with a severity score of 9.8 in the Common Vulnerability Scoring System (CVSS), pose significant security risks to organizations using the affected software.
A flaw in Cisco Smart Licensing Utility allows unauthorized attackers to log into systems remotely using hardcoded static administrative credentials.
The issue arises due to the presence of an undocumented administrative account. Successful exploitation grants attackers access to administrative privileges over the application’s API, leaving systems vulnerable to further compromise.
A separate vulnerability stems from excessive verbosity in debug log files.
Attackers could exploit this issue by sending crafted HTTP requests to affected systems, allowing them to access sensitive log files containing credentials and other critical information.
The disclosed data could enable attackers to further compromise the system.
The vulnerabilities impact the Cisco Smart Licensing Utility software when actively running. Cisco has confirmed the following products are not vulnerable:
| Cisco Smart License Utility Release | Status | First Fixed Release |
| 2.0.0 | Vulnerable | Migrate to a fixed release |
| 2.1.0 | Vulnerable | Migrate to a fixed release |
| 2.2.0 | Vulnerable | Migrate to a fixed release |
| 2.3.0 | Not Vulnerable | Already fixed |
Cisco has released free updates to address these vulnerabilities. Users are urged to migrate to a non-vulnerable software version promptly.
Cisco has provided detailed guidance for obtaining software upgrades via the Cisco Support and Downloads page and other authorized channels.
No workarounds are available for these vulnerabilities. Users must upgrade to secure their systems.
Cisco confirmed reports of attempted exploitation of these vulnerabilities as of March 2025. Organizations are strongly advised to take timely action and implement mitigating software updates to prevent compromise.
Organizations using vulnerable versions of Cisco Smart Licensing Utility must act immediately to prevent unauthorized access and information leaks.
Cisco continues to monitor these vulnerabilities and urges users to stay updated with the latest patches and advisories.
Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!
The United States has successfully extradited two Kosovo nationals, Ardit Kutleshi, 26, and Jetmir Kutleshi,…
Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti Connect…
A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how…
EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational…
A sophisticated phishing campaign, dubbed "PoisonSeed," has been identified targeting customer relationship management (CRM) and…
A surge in phishing text messages claiming unpaid tolls has been linked to a massive…