CISA Warns of Cisco Smart Licensing Utility Credential Flaw Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory warning organizations about a critical vulnerability in Cisco’s Smart Licensing Utility (SLU) software that has reportedly been exploited in cyberattacks.

The vulnerability, assigned CVE-2024-20439, stems from a static credential issue that could leave affected systems open to remote exploitation with potentially devastating consequences.

Details of the Vulnerability

Cisco Smart Licensing Utility is a tool used for managing licenses across Cisco devices and services.

According to the advisory, the software contains hardcoded credentials that allow an unauthenticated, remote attacker to gain administrative access to impacted systems.

Once exploited, attackers can leverage administrative credentials to perform malicious activities, including disabling security measures, installing malware, or exfiltrating sensitive data.

The flaw has been deemed critical due to its potential to compromise systems remotely without requiring user interaction.

The vulnerability is linked to the Common Weakness Enumeration (CWE) ID CWE-912, which ...