CVE-2024-20439

Published Sep 4, 2024

Last updated a day ago

Exploit known
CVSS critical 9.8
Cisco Smart Licensing Utility

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2024-20439 is a vulnerability in the Cisco Smart Licensing Utility. It stems from an undocumented static user credential for an administrative account. An unauthenticated, remote attacker could exploit this vulnerability by using the static credentials to log in to an affected system. Successful exploitation could allow the attacker to log in with administrative privileges over the API of the Cisco Smart Licensing Utility application. Cisco has released software updates to address this vulnerability.

Description
A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to log in to the affected system. A successful exploit could allow the attacker to log in to the affected system with administrative rights over the CSLU application API.
Source
psirt@cisco.com
NVD status
Modified

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Cisco Smart Licensing Utility Static Credential Vulnerability
Exploit added on
Mar 31, 2025
Exploit action due
Apr 21, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

psirt@cisco.com
CWE-912
nvd@nist.gov
CWE-798

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

4

  1. Cisco has warned admins to patch a critical Cisco Smart Licensing Utility (CSLU) vulnerability, which exposes a built-in backdoor admin account now used in attacks. Cisco patched the static user credential security flaw (CVE-2024-20439) in September. https://t.co/t6Q5YAqiN3 https

    @riskigy

    2 Apr 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Actively exploited CVE : CVE-2024-20439

    @transilienceai

    2 Apr 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Apple fixes 3 critical vulnerabilities and an active exploit emerges on Cisco Cybersecurity, cisa, cisco, CVE-2024-20439, CVE-2025-24085, exploit, iOS 15.8.4, vulnerability, webkit, zero-day https://t.co/SMuNjif9qA https://t.co/V66ErBLPWQ

    @matricedigitale

    1 Apr 2025

    72 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

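  4. US CISA has added CVE-2024-20439 to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability exists in Cisco Smart Licensing Utility (CSLU) and allows an unauthenticated remote attacker to break into the system using static administrative credentials.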

    @yousukezan

    1 Apr 2025

    1137 Impressions

    1 Retweet

    6 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  5. CISA added a Cisco Smart Licensing Utility Static Credential vulnerability tracked as CVE-2024-20439 to the Known Exploited Vulnerabilities Catalog. This flaw allows unauthenticated attackers to log in using this hardcoded credential. More information about the flaw and its

    @BleepinComputer

    31 Mar 2025

    6606 Impressions

    11 Retweets

    37 Likes

    6 Bookmarks

    1 Reply

    2 Quotes

  6. 🛡️ We added Cisco Smart Licensing Utility vulnerability CVE-2024-20439 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/bJOgGeWmb8 & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/JBHyU88I3W

    @CISACyber

    31 Mar 2025

    4917 Impressions

    31 Retweets

    45 Likes

    6 Bookmarks

    0 Replies

    2 Quotes

  7. Active exploitation of Cisco Smart Licensing Utility observed: CVE-2024-20439/20440 from September 2024 https://t.co/1uaNT4rPRm Cisco products are frequent targets of attack, but the Cisco Smart Licensing Utility disclosed in September 2024

    @iototsecnews

    31 Mar 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Actively exploited CVE : CVE-2024-20439

    @transilienceai

    30 Mar 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. There have been reports of active exploitation of vulnerabilities (CVE-2024-20439 and CVE-2024-20440) in unpatched Cisco Smart Licensing Utility instances. Users and administrators of affected products are advised to update to the latest versions immediately. https://t.co/xgs1M9f

    @CSAsingapore

    25 Mar 2025

    159 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    2 Replies

    0 Quotes

  10. 🚨 Critical alert from SANS: Two high-severity vulnerabilities in Cisco's Smart Licensing Utility (CVE-2024-20439, CVE-2024-20440) could grant unauthorized access. Update needed! 💻🔒 #Cisco #CyberThreat #USA link: https://t.co/vPEtPKSqR1 https://t.co/7sod3z3yFy

    @TweetThreatNews

    24 Mar 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨 Deep Dive Alert. Cisco vulnerabilities are wreaking havoc. Today, we unpack three critical flaws, CVE-2024-20439, CVE-2024-20440, and CVE-2024-0305, that are turning unpatched systems into sitting ducks. A Thread. 🧵👇 https://t.co/9ZEluT9O43

    @AnagliWisdoms

    24 Mar 2025

    53 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  12. 🔥 Hardcoded admin logins. Leaky debug logs. Cisco Smart Licensing Utility is under fire. Hackers are actively exploiting CVE-2024-20439 & CVE-2024-20440—both rated 9.8. Access to admin creds & APIs is on the line. https://t.co/QWTrVsKujt

    @achi_tech

    23 Mar 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Recently, hackers have exploited two vulnerabilities in Cisco Smart Licensing, identified as CVE-2024-20439 and CVE-2024-20440. To prevent and counter this threat, apply the necessary update. https://t.co/Poz3aKY03t https://t.co/EL6aggzHLs

    @AmirHossein_sec

    22 Mar 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Actively exploited CVE : CVE-2024-20439

    @transilienceai

    21 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. https://t.co/EcfgIM37UW Exploitation attempts for Cisco Smart Licensing Utility CVE-2024-20439 and CVE-2024-20440 https://t.co/m9ZB8wrlGN

    @palmacci24838

    21 Mar 2025

    3 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Recently, hackers have exploited two vulnerabilities in Cisco Smart Licensing, identified as CVE-2024-20439 and CVE-2024-20440. To prevent and counter this threat, apply the necessary update. https://t.co/3iHyvemMMO

    @cybernetic_cy

    21 Mar 2025

    103 Impressions

    2 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Critical Cisco Smart Licensing Utility vulnerabilities exploited in attacks (CVE-2024-20439, CVE-2024-20440) https://t.co/fxJZMsoGG6 #Security #セキュリティ #ニュース

    @SecureShield_

    21 Mar 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility Active exploitation of Cisco CVE-2024-20439 & 20440 in Smart Licensing forces urgent patching of vulnerable versions. https://t.co/gyTfjFV5Ms https://t.co/uRvKgKQUsb

    @matarturo

    21 Mar 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🗞️ Critical Cisco Smart Licensing Utility Flaws Now Under Active Exploitation Attackers are hitting unpatched Cisco Smart Licensing Utility instances, exploiting a backdoor admin account flaw (CVE-2024-20439) revealed just weeks ago. Cisco’s patches are out—update now to stop h

    @gossy_84

    21 Mar 2025

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 🚨 Ongoing attacks target critical #Cisco Smart Licensing Utility flaws (CVE-2024-20439, CVSS 9.8). Patch now to stay secure! More details: https://t.co/deZJvhYXm0 #CyberSecurity #Infosec https://t.co/deZJvhYXm0

    @SalvadorCloud

    21 Mar 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 📌 Cisco Smart Licensing Utility is facing active cyberattacks exploiting two security vulnerabilities that have been patched. The first, CVE-2024-20439, rated high (9.8), relates to an undocumented static user credential for an administrative account that an attacker can exploit to log in. #الامن_السيبراني https://t.c

    @Cybercachear

    21 Mar 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Attackers are targeting Cisco Smart Licensing Utility (CSLU) unpatched against a vulnerability exposing a built-in backdoor admin account. Cisco patched this flaw (CVE-2024-20439) "an undocumented static user credential for an administrative account" https://t.co/yyrdMNgwj6 https

    @riskigy

    21 Mar 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Attackers are exploiting unpatched Cisco Smart Licensing Utility instances, targeting vulnerabilities CVE-2024-20439 and CVE-2024-20440, allowing unauthorized remote access and sensitive data exposure. Cisco released patches. #Security https://t.co/RqcC3SmPMD

    @Strivehawk

    20 Mar 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Critical vulnerabilities in Cisco Smart Licensing Utility (CVE-2024-20439, CVE-2024-20440) expose backdoor admin access and sensitive logs. Patch now available! ⚠️ #CiscoSecurity #NetworkThreats #USA link: https://t.co/pAVgLRQMcl https://t.co/gKjmSjpUHb

    @TweetThreatNews

    20 Mar 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

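  25. Attacks against the Cisco Smart Licensing Utility vulnerabilities (CVE-2024-20439 and CVE-2024-20440) have been confirmed. Attackers are attempting to access CSLU instances using default credentials. These vulnerabilities were fixed in September 2024 but remain a target of attacks. https://t.co/MgViPoBOSl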

    @01ra66it

    20 Mar 2025

    260 Impressions

    2 Retweets

    6 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  26. Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 and CVE-2024-20440 - SANS Internet Storm Center - https://t.co/GrQGMwe8MI

    @moton

    20 Mar 2025

    339 Impressions

    3 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. New post from https://t.co/uXvPWJyEiR (Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 and CVE-2024-20440, (Wed, Mar 19th)) has been published on https://t.co/3TZL9RAgcl https://t.co/JbOU4XFrbn

    @WolfgangSesin

    19 Mar 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. 🚨 Exploitation Attempts Targeting #Cisco Smart Licensing Utility Vulnerabilities (#CVE-2024-20439 & #CVE-2024-20440) https://t.co/B8G5HM2L7S

    @UndercodeNews

    19 Mar 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 and CVE-2024-20440 https://t.co/eJScPfXhPm https://t.co/SuIWUbODWQ

    @sans_isc

    19 Mar 2025

    1715 Impressions

    5 Retweets

    5 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  30. #Vulnerability #cisco Researcher Details CVE-2024-20439 (CVSS 9.8) Flaw in Cisco Smart Licensing Utility https://t.co/DEW0VWDKVB

    @Komodosec

    30 Oct 2024

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations