Security News > 2025 > April > Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439)
2025-04-03 13:04
CVE-2024-20439, a static credential vulnerability in the Cisco Smart Licensing Utility, is being exploited by attackers in the wild, CISA has confirmed on Monday by adding the flaw to its Known Exploited Vulnerabilities catalog. Cisco has followed up with a confirmation by updating the security advisory covering CVE-2024-20439 and CVE-2024-20440, an information disclosure flaw in the same software. “In March 2025, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of … More → The post Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439) appeared first on Help Net Security.
News URL
Related news
- Cisco warns of Webex for BroadWorks flaw exposing credentials (source)
- Critical Cisco Smart Licensing Utility flaws now exploited in attacks (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-04 | CVE-2024-20440 | Information Exposure Through Log Files vulnerability in Cisco Smart License Utility 2.0.0/2.1.0/2.2.0 A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. | 7.5 |
| 2024-09-04 | CVE-2024-20439 | Use of Hard-coded Credentials vulnerability in Cisco Smart License Utility 2.0.0/2.1.0/2.2.0 A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. | 9.8 |