Cyber Security News

Cisco Smart Licensing Utility Vulnerabilities Under Hacker Exploitation

Recent reports indicate that hackers are actively trying to exploit two critical vulnerabilities in the Cisco Smart Licensing Utility.

These vulnerabilities, identified as CVE-2024-20439 and CVE-2024-20440, were disclosed by Cisco in September.

The first vulnerability involves a static credential issue, while the second is an information disclosure vulnerability related to excessive logging.

Overview of the Vulnerabilities

  • CVE-2024-20439: Cisco Smart Licensing Utility Static Credential Vulnerability
    This vulnerability involves the use of a fixed password that could allow attackers unauthorized access to affected systems. This type of vulnerability is not uncommon in software, acting as a backdoor for product maintenance or troubleshooting.
  • CVE-2024-20440: Cisco Smart Licensing Utility Information Disclosure Vulnerability
    This vulnerability relates to an issue where log files disclose more sensitive information than intended. By exploiting the first vulnerability, attackers can potentially access these log files, leading to further security risks.

Exploit Attempts and Activity

According to the SANS Institute report, Details about the vulnerabilities, including the backdoor credentials, were published shortly after the advisory was released.

It has been noted that exploit attempts are focused on the API endpoint located at /cslu/v1. One of the observed requests includes:

GET /cslu/v1/scheduler/jobs HTTP/1.1

Host: [redacted]:80

Authorization: Basic Y3NsdS13aW5kb3dzLWNsaWVudDpMaWJyYXJ5NEMkTFU=

Connection: close

The base64 encoded string in this request decodes to cslu-windows-client:Library4C$LU, which were previously identified by a blog post by Nicholas Starke as default credentials.

The group behind these exploits is also probing for other vulnerabilities, including scanning for configuration files like “/web.config.zip”.

They are also targeting what appears to be a DVR-related vulnerability, possibly CVE-2024-0305, although the exact CVE is uncertain. Another exploit attempt involves different credentials:

GET /classes/common/busiFacade.php HTTP/1.1

Host: [redacted]:80

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Authorization: Basic aGVscGRlc2tJbnRlZ3JhdGlvblVzZXI6ZGV2LUM0RjgwMjVFNw==

Content-Type: application/x-www-form-urlencoded

Connection: close

These credentials decode to helpdeskIntegrationUser:dev-C4F8025E.

The vulnerability in Cisco’s Smart Licensing Utility highlights a broader issue where both low-cost IoT devices and high-end enterprise security software often share similar basic vulnerabilities.

As hackers continue to exploit such weaknesses, organizations must remain vigilant and promptly apply patches to protect their systems.

Recommendations for Users:

  1. Update and Patch: Ensure all software and systems are updated with the latest security patches.
  2. Monitor Activity: Regularly monitor system logs for unusual access attempts.
  3. Secure Credentials: Use strong passwords and avoid default credentials whenever possible.

In today’s cyber landscape, proactive security measures can significantly mitigate the risk of successful exploits.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…

2 days ago

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code execution…

2 days ago

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…

2 days ago

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…

2 days ago

EU Targets Stark Industries in Cyberattack Sanctions Crackdown

The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…

2 days ago

Venice.ai’s Unrestricted Access Sparks Concerns Over AI-Driven Cyber Threats

Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…

2 days ago