Latest Cyber Security News

You are here: Home / General Cyber Security News / Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility
March 21, 2025

Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center.

The two critical-rated vulnerabilities in question are listed below –

  • CVE-2024-20439 (CVSS score: 9.8) – The presence of an undocumented static user credential for an administrative account that an attacker could exploit to log in to an affected system
  • CVE-2024-20440 (CVSS score: 9.8) – A vulnerability arising due to an excessively verbose debug log file that an attacker could exploit to access such files by means of a crafted HTTP request and obtain credentials that can be used to access the API

Successful exploitation of the flaws could enable an attacker to log in to the affected system with administrative privileges, and obtain log files that contain sensitive data, including credentials that can be used to access the API.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Cybersecurity

That said, the vulnerabilities are only exploitable in scenarios where the utility is actively running.

The shortcomings, which impact versions 2.0.0, 2.1.0, and 2.2.0, have since been patched by Cisco in September 2024. Version 2.3.0 of Cisco Smart License Utility is not susceptible to the two bugs.

As of March 2025, threat actors have been observed attempting to actively exploit the two vulnerabilities, SANS Technology Institute’s Dean of Research Johannes B. Ullrich said, adding the unidentified threat actors are also weaponizing other flaws, including what appears to be an information disclosure flaw (CVE-2024-0305, CVSS score: 5.3) in Guangzhou Yingke Electronic Technology Ncast.

It’s currently not known what the end goal of the campaign is, or who is behind it. In light of active abuse, it’s imperative that users apply the necessary patches for optimal protection.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *