Security News > 2024 > September > Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks
2024-09-05 04:40
Cisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow unauthenticated, remote attackers to elevate their privileges or access sensitive information. A brief description of the two vulnerabilities is below - CVE-2024-20439 (CVSS score: 9.8) - The presence of an undocumented static user credential for an administrative account
News URL
https://thehackernews.com/2024/09/cisco-fixes-two-critical-flaws-in-smart.html
Related news
- Critical Flaws in Traccar GPS System Expose Users to Remote Attacks (source)
- Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now (source)
- CISA warns of hackers abusing Cisco Smart Install feature (source)
- Cisco warns of critical RCE zero-days in end of life IP phones (source)
- CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature (source)
- Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks (source)
- Critical SAP flaw allows remote attackers to bypass authentication (source)
- CISA warns critical SolarWinds RCE bug is exploited in attacks (source)
- CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks (source)
- Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-04 | CVE-2024-20439 | Use of Hard-coded Credentials vulnerability in Cisco Smart License Utility A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. | 9.8 |