Security News > 2024 > September > Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks
2024-09-05 04:40
Cisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow unauthenticated, remote attackers to elevate their privileges or access sensitive information. A brief description of the two vulnerabilities is below - CVE-2024-20439 (CVSS score: 9.8) - The presence of an undocumented static user credential for an administrative account
News URL
https://thehackernews.com/2024/09/cisco-fixes-two-critical-flaws-in-smart.html
Related news
- Critical auth bypass bug in CrushFTP now exploited in attacks (source)
- Cisco warns of CSLU backdoor admin account used in attacks (source)
- Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439) (source)
- Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code (source)
- Hackers abuse Zoom remote control feature for crypto-theft attacks (source)
- SAP fixes critical Netweaver flaw exploited in attacks (source)
- Fortinet fixes critical zero-day exploited in FortiVoice attacks (source)
- Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-04 | CVE-2024-20439 | Use of Hard-coded Credentials vulnerability in Cisco Smart License Utility 2.0.0/2.1.0/2.2.0 A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. | 9.8 |