Two Critical Vulnerabilities Expose Administrative Access
Two critical vulnerabilities in Cisco Smart Licensing Utility, both now patched, are being actively exploited in the wild, according to reports from the SANS Internet Storm Center. These flaws affect versions 2.0.0, 2.1.0, and 2.2.0 of the utility; the most recent version, 2.3.0, is confirmed to be unaffected.
The vulnerabilities are the following:
- CVE-2024-20439 (CVSS 9.8) involves an undocumented static user credential for an admin account, allowing attackers to gain privileged access to a targeted system.
- CVE-2024-20440 (CVSS 9.8) arises from overly verbose debug log files, which can be accessed via specially crafted HTTP requests to extract sensitive credentials.
If successfully exploited, these Cisco flaws could allow attackers to both log in with administrative rights and extract API-access credentials from log files. However, exploitation is only possible when the Cisco Smart Licensing Utility is actively running.
Active Threats and Additional Exploits
Cybersecurity analysts have been observing an uptick in exploitation attempts targeting these vulnerabilities. Johannes B. Ullrich, Dean of Research at the SANS Technology Institute, confirmed that unidentified threat actors are actively weaponizing these flaws in ongoing campaigns.
Moreover, attackers are taking advantage of other vulnerabilities, including CVE-2024-0305 (CVSS 5.3), an information disclosure flaw in Guangzhou Yingke Electronic Technology’s Ncast system. While the motives and identities behind the campaigns remain unclear, the activity underscores the urgency of patching exposed systems.
Given the critical nature of these flaws and the real-world exploitation attempts, all users of Cisco Smart Licensing Utility should upgrade to version 2.3.0 or later.