Recent reports indicate that hackers are actively trying to exploit two critical vulnerabilities in the Cisco Smart Licensing Utility.
These vulnerabilities, identified as CVE-2024-20439 and CVE-2024-20440, were disclosed by Cisco in September.
The first vulnerability involves a static credential issue, while the second is an information disclosure vulnerability related to excessive logging.
According to the SANS Institute report, Details about the vulnerabilities, including the backdoor credentials, were published shortly after the advisory was released.
It has been noted that exploit attempts are focused on the API endpoint located at /cslu/v1. One of the observed requests includes:
GET /cslu/v1/scheduler/jobs HTTP/1.1
Host: [redacted]:80
Authorization: Basic Y3NsdS13aW5kb3dzLWNsaWVudDpMaWJyYXJ5NEMkTFU=
Connection: close
The base64 encoded string in this request decodes to cslu-windows-client:Library4C$LU, which were previously identified by a blog post by Nicholas Starke as default credentials.
The group behind these exploits is also probing for other vulnerabilities, including scanning for configuration files like “/web.config.zip”.
They are also targeting what appears to be a DVR-related vulnerability, possibly CVE-2024-0305, although the exact CVE is uncertain. Another exploit attempt involves different credentials:
GET /classes/common/busiFacade.php HTTP/1.1
Host: [redacted]:80
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Authorization: Basic aGVscGRlc2tJbnRlZ3JhdGlvblVzZXI6ZGV2LUM0RjgwMjVFNw==
Content-Type: application/x-www-form-urlencoded
Connection: close
These credentials decode to helpdeskIntegrationUser:dev-C4F8025E.
The vulnerability in Cisco’s Smart Licensing Utility highlights a broader issue where both low-cost IoT devices and high-end enterprise security software often share similar basic vulnerabilities.
As hackers continue to exploit such weaknesses, organizations must remain vigilant and promptly apply patches to protect their systems.
In today’s cyber landscape, proactive security measures can significantly mitigate the risk of successful exploits.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…
A threat actor known as #LongNight has reportedly put up for sale remote code execution…
Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…
Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…
The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…
Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…