- Description
- A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API.
- Source
- ykramarz@cisco.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
- Hype score
- Not currently trending
Threat Alert: Attacks exploiting critical Cisco Smart Licensing Utility bug ongoing CVE-2024-20439 CVE-2024-20440 CVE-2024-20469 Severity: ⚠️ Critical Maturity: 💥 Mainstream Learn more: https://t.co/lEGTFqwqfD #CyberSecurity #ThreatIntel #InfoSec (1/3)
@fletch_ai
4 Apr 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
There have been reports of active exploitation of vulnerabilities (CVE-2024-20439 and CVE-2024-20440) in unpatched Cisco Smart Licensing Utility instances. Users and administrators of affected products are advised to update to the latest versions immediately. https://t.co/xgs1M9f
@CSAsingapore
25 Mar 2025
159 Impressions
1 Retweet
2 Likes
0 Bookmarks
2 Replies
0 Quotes
🚨 Critical alert from SANS: Two high-severity vulnerabilities in Cisco's Smart Licensing Utility (CVE-2024-20439, CVE-2024-20440) could grant unauthorized access. Update needed! 💻🔒 #Cisco #CyberThreat #USA link: https://t.co/vPEtPKSqR1 https://t.co/7sod3z3yFy
@TweetThreatNews
24 Mar 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Deep Dive Alert. Cisco vulnerabilities are wreaking havoc. Today, we unpack three critical flaws, CVE-2024-20439, CVE-2024-20440, and CVE-2024-0305, that are turning unpatched systems into sitting ducks. A Thread. 🧵👇 https://t.co/9ZEluT9O43
@AnagliWisdoms
24 Mar 2025
53 Impressions
1 Retweet
1 Like
0 Bookmarks
1 Reply
0 Quotes
🔥 Hardcoded admin logins. Leaky debug logs. Cisco Smart Licensing Utility is under fire. Hackers are actively exploiting CVE-2024-20439 & CVE-2024-20440—both rated 9.8. Access to admin creds & APIs is on the line. https://t.co/QWTrVsKujt
@achi_tech
23 Mar 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
به تازگی هکر ها دو آسیب پذیری موجود در Cisco Smart Licensing با کدهای شناسایی CVE-2024-20439 و CVE-2024-20440 را اکسپلویت نموده اند. برای پیشگیری و مقابله با این تهدید ، به روز رسانی لازم را اعمال نمایید. https://t.co/Poz3aKY03t https://t.co/EL6aggzHLs
@AmirHossein_sec
22 Mar 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
https://t.co/EcfgIM37UW Tentativi di sfruttamento per Cisco Smart Licensing Utility CVE-2024-20439 e CVE-2024-20440 https://t.co/m9ZB8wrlGN
@palmacci24838
21 Mar 2025
3 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
به تازگی هکر ها دو آسیب پذیری موجود در Cisco Smart Licensing با کدهای شناسایی CVE-2024-20439 و CVE-2024-20440 را اکسپلویت نموده اند. برای پیشگیری و مقابله با این تهدید ، به روز رسانی لازم را اعمال نمایید. https://t.co/3iHyvemMMO
@cybernetic_cy
21 Mar 2025
103 Impressions
2 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
重大なCisco Smart Licensing Utilityの脆弱性が攻撃で悪用される(CVE-2024-20439、CVE-2024-20440) https://t.co/fxJZMsoGG6 #Security #セキュリティ #ニュース
@SecureShield_
21 Mar 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers are exploiting unpatched Cisco Smart Licensing Utility instances, targeting vulnerabilities CVE-2024-20439 and CVE-2024-20440, allowing unauthorized remote access and sensitive data exposure. Cisco released patches. #Security https://t.co/RqcC3SmPMD
@Strivehawk
20 Mar 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerabilities in Cisco Smart Licensing Utility (CVE-2024-20439, CVE-2024-20440) expose backdoor admin access and sensitive logs. Patch now available! ⚠️ #CiscoSecurity #NetworkThreats #USA link: https://t.co/pAVgLRQMcl https://t.co/gKjmSjpUHb
@TweetThreatNews
20 Mar 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco Smart Licensing Utilityの脆弱性(CVE-2024-20439およびCVE-2024-20440)に対する攻撃が確認された。 攻撃者は、デフォルトの認証情報を使用してCSLUインスタンスへのアクセスを試みている。これらの脆弱性は2024年9月に修正されているが、依然として攻撃対象である。 https://t.co/MgViPoBOSl
@01ra66it
20 Mar 2025
260 Impressions
2 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 and CVE-2024-20440 - SANS Internet Storm Center - https://t.co/GrQGMwe8MI
@moton
20 Mar 2025
339 Impressions
3 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJyEiR (Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 and CVE-2024-20440, (Wed, Mar 19th)) has been published on https://t.co/3TZL9RAgcl https://t.co/JbOU4XFrbn
@WolfgangSesin
19 Mar 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Exploitation Attempts Targeting #Cisco Smart Licensing Utility Vulnerabilities (#CVE-2024-20439 & #CVE-2024-20440) https://t.co/B8G5HM2L7S
@UndercodeNews
19 Mar 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 and CVE-2024-20440 https://t.co/eJScPfXhPm https://t.co/SuIWUbODWQ
@sans_isc
19 Mar 2025
1715 Impressions
5 Retweets
5 Likes
3 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:smart_license_utility:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AF65619C-5372-4141-9919-3A7E13D8D557"
},
{
"criteria": "cpe:2.3:a:cisco:smart_license_utility:2.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F0FAD450-9306-4ECB-BC8B-7CE19CCC4353"
},
{
"criteria": "cpe:2.3:a:cisco:smart_license_utility:2.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46259FBD-210E-4DD4-866A-A0F4FF485BC2"
}
],
"operator": "OR"
}
]
}
]