Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility

2025-03-21 05:09
Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center. The two critical-rated vulnerabilities in question are listed below:
- CVE-2024-20439 (CVSS score: 9.8): The presence of an undocumented static user credential for an administrative account that an attacker could exploit to log in to an
News URL
https://thehackernews.com/2025/03/ongoing-cyber-attacks-exploit-critical.html
Related news
- Critical auth bypass bug in CrushFTP now exploited in attacks (source)
- Cisco warns of CSLU backdoor admin account used in attacks (source)
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
- Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439) (source)
- PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks (source)
- Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered (source)
- Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK (CVSS) |
---|---|---|---|
2024-09-04 | CVE-2024-20439 | Use of Hard-coded Credentials vulnerability in Cisco Smart License Utility 2.0.0/2.1.0/2.2.0. A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. | 9.8 |