Continuous Cyberattacks Take Advantage of Serious Flaws in Cisco Smart Licensing Utility

The SANS Internet Storm Center reports ongoing attempts to exploit two now-patched security flaws in Cisco Smart Licensing Utility.
The two critical vulnerabilities in question are:
- CVE-2024-20439 (CVSS score: 9.8): An undocumented, static user credential for an administrative account, which an unauthenticated remote attacker could use to log in to an affected system.
- CVE-2024-20440 (CVSS score: 9.8): Excessive verbosity in a debug log file. An attacker could send a crafted HTTP request to retrieve log files containing sensitive data, including credentials that grant access to the API.
Successful exploitation could allow an attacker to gain administrative privileges on the affected system and to read log files containing sensitive information, such as API credentials.
Both vulnerabilities can only be exploited while the Cisco Smart Licensing Utility has been started by a user and is actively running.
Cisco addressed the vulnerabilities, which affect versions 2.0.0, 2.1.0, and 2.2.0, in September 2024. Cisco Smart Licensing Utility version 2.3.0 is not affected.
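Because exploitability depends on both the installed version and whether the utility is actually running, a defender's first job is to triage an inventory accordingly. The script below is an added example and is not code from Cisco, SANS ISC, or the article's author; the inventory format (hostname, version, process state) is a hypothetical construct, the sample rows are constructed, and it conservatively treats any release below the 2.3.0 fix as affected (the article names 2.0.0, 2.1.0, and 2.2.0 as affected and 2.3.0 as fixed).

```python
"""Triage Cisco Smart Licensing Utility installs for CVE-2024-20439 / CVE-2024-20440.

Added example, not code from Cisco, SANS ISC or the article. The inventory
format is hypothetical; the rows in SAMPLE_INVENTORY are constructed.
"""
from dataclasses import dataclass
from typing import List, Tuple

# The release Cisco shipped the fix in; anything older is treated as affected
# (assumption: conservative, covers the three versions Cisco named).
FIXED_VERSION = (2, 3, 0)
AFFECTED_VERSIONS = {"2.0.0", "2.1.0", "2.2.0"}  # versions the article lists as affected

# Constructed sample inventory: hostname, installed version, utility process state
SAMPLE_INVENTORY = """\
licsrv01,2.2.0,running
licsrv02,2.3.0,running
jumphost7,2.0.0,stopped
lab-win10,2.1.0,running
build42,,stopped
"""


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH' into a comparable tuple; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)  # type: ignore[return-value]


def is_affected(version: str) -> bool:
    """Conservative check: every release below the 2.3.0 fix is treated as affected."""
    return parse_version(version) < FIXED_VERSION


@dataclass
class Finding:
    host: str
    version: str
    running: bool
    affected: bool
    priority: str  # critical | high | none | unknown


def classify(host: str, version: str, running: bool) -> Finding:
    """Rank a host: both bugs are only exploitable while the utility is running."""
    if not version.strip():
        return Finding(host, version, running, False, "unknown")
    affected = is_affected(version)
    if not affected:
        priority = "none"
    elif running:
        priority = "critical"  # exploitable right now
    else:
        priority = "high"  # exploitable as soon as a user starts it; still patch
    return Finding(host, version, running, affected, priority)


def triage(inventory_text: str) -> List[Finding]:
    """Classify every row of a CSV-style inventory (host,version,state)."""
    findings = []
    for line in inventory_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        host, version, state = [field.strip() for field in line.split(",")]
        findings.append(classify(host, version, state.lower() == "running"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        state = "running" if f.running else "stopped"
        print(f"{f.host:12} {(f.version or '?'):6} {state:8} {f.priority}")
```

Hosts flagged "critical" are exposed to both flaws today; "high" hosts only need a user to launch the utility to become exposed, so they belong in the same patch cycle rather than a later one.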
According to Johannes B. Ullrich, dean of research at the SANS Technology Institute, threat actors have been seen actively trying to exploit the two vulnerabilities as of March 2025. He also stated that the unidentified threat actors are weaponizing other vulnerabilities, such as what appears to be an information disclosure flaw (CVE-2024-0305, CVSS score: 5.3) in Guangzhou Yingke Electronic Technology Ncast.
The campaign's ultimate objective and the identity of its operators are presently unknown. Given the ongoing exploitation, users should apply the available fixes without delay.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.