CISA Warns of Cisco Smart Licensing Utility Credential Vulnerability Exploited in Attacks
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Cisco vulnerability to its Known Exploited Vulnerabilities (KEV) catalog following confirmation of active exploitation in the wild.
The flaw, identified as CVE-2024-20439, affects the Cisco Smart Licensing Utility (CSLU) and allows unauthenticated, remote attackers to gain administrative access to affected systems through an undocumented, static credential.
The vulnerability, classified under CWE-912 (Hidden Functionality), carries a Critical severity with a CVSS base score of 9.8.
According to Cisco’s security advisory, the flaw “could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential.”
Cisco Smart Licensing Utility Credential Vulnerability
This backdoor-like access exists due to hardcoded credentials embedded within the application, providing attackers with full administrative privileges over the CSLU API.
Security researchers have noted that exploitation is relatively straightforward once attackers identify vulnerable systems.
Johannes Ullrich, Dean of Research at the SANS Technology Institute, confirmed that threat actors are actively exploiting this vulnerability, especially after technical details, including the backdoor credentials, were published online.
“It is no surprise that we are seeing some exploit activity,” Ullrich noted after observing attacks in the wild.
Attackers are reportedly chaining CVE-2024-20439 with another critical vulnerability in the same product, CVE-2024-20440 (CVSS 9.8), an information disclosure flaw that enables extraction of sensitive data from debug log files.
The combination of these vulnerabilities creates a particularly dangerous attack vector, allowing attackers to both gain administrative access and harvest credentials for further system compromise.
The threat actors behind these exploitation attempts are also targeting other vulnerabilities, including CVE-2024-0305, which affects Guangzhou Yingke Electronic DVRs.
The summary of the vulnerability is given below:
Risk Factors Details
Affected ProductsCisco Smart Licensing Utility versions 2.0.0 to 2.2.0 (excluding version 2.3.0)
ImpactAllows unauthenticated, remote attackers to log in using static administrative credentialsExploit PrerequisitesCisco Smart Licensing Utility is manually started and actively runningCVSS 3.1 Score9.8 (Critical)
Affected Products and Remediations
The vulnerability impacts Cisco Smart Licensing Utility versions 2.0.0 through 2.2.0, with version 2.3.0 confirmed as not vulnerable. CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies apply patches by April 21, 2025.
It’s important to note that these vulnerabilities only affect systems where the CSLU has been manually started, as it doesn’t run in the background by default.
However, even launching the application once on an internet-connected host can create an exploitation opportunity.
Organizations Can take the following actions:
Organizations should prioritize addressing this vulnerability given its critical nature, ease of exploitation, and confirmation of active attacks.
As the CISA KEV catalog continues to be the authoritative source for tracking exploited vulnerabilities, security teams should incorporate it into their vulnerability management prioritization frameworks.
#Cyber_Security_News #Vulnerabilities #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
CISA Warns of Cisco Smart Licensing Utility Credential Vulnerability Exploited in Attacks
Author: Guru BaranThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Cisco vulnerability to its Known Exploited Vulnerabilities (KEV) catalog following confirmation of active exploitation in the wild.
The flaw, identified as CVE-2024-20439, affects the Cisco Smart Licensing Utility (CSLU) and allows unauthenticated, remote attackers to gain administrative access to affected systems through an undocumented, static credential.
The vulnerability, classified under CWE-912 (Hidden Functionality), carries a Critical severity with a CVSS base score of 9.8.
According to Cisco’s security advisory, the flaw “could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential.”
Cisco Smart Licensing Utility Credential Vulnerability
This backdoor-like access exists due to hardcoded credentials embedded within the application, providing attackers with full administrative privileges over the CSLU API.
Security researchers have noted that exploitation is relatively straightforward once attackers identify vulnerable systems.
Johannes Ullrich, Dean of Research at the SANS Technology Institute, confirmed that threat actors are actively exploiting this vulnerability, especially after technical details, including the backdoor credentials, were published online.
“It is no surprise that we are seeing some exploit activity,” Ullrich noted after observing attacks in the wild.
Attackers are reportedly chaining CVE-2024-20439 with another critical vulnerability in the same product, CVE-2024-20440 (CVSS 9.8), an information disclosure flaw that enables extraction of sensitive data from debug log files.
The combination of these vulnerabilities creates a particularly dangerous attack vector, allowing attackers to both gain administrative access and harvest credentials for further system compromise.
The threat actors behind these exploitation attempts are also targeting other vulnerabilities, including CVE-2024-0305, which affects Guangzhou Yingke Electronic DVRs.
The summary of the vulnerability is given below:
Risk Factors Details
Affected ProductsCisco Smart Licensing Utility versions 2.0.0 to 2.2.0 (excluding version 2.3.0)
ImpactAllows unauthenticated, remote attackers to log in using static administrative credentialsExploit PrerequisitesCisco Smart Licensing Utility is manually started and actively runningCVSS 3.1 Score9.8 (Critical)
Affected Products and Remediations
The vulnerability impacts Cisco Smart Licensing Utility versions 2.0.0 through 2.2.0, with version 2.3.0 confirmed as not vulnerable. CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies apply patches by April 21, 2025.
It’s important to note that these vulnerabilities only affect systems where the CSLU has been manually started, as it doesn’t run in the background by default.
However, even launching the application once on an internet-connected host can create an exploitation opportunity.
Organizations Can take the following actions:
- Update to Cisco Smart Licensing Utility version 2.3.0 or later immediately
- If patching isn’t immediately possible, implement network segmentation to restrict access to CSLU instances
- Monitor systems for unauthorized access attempts
- Review CISA’s KEV catalog for other actively exploited vulnerabilities requiring remediation
Organizations should prioritize addressing this vulnerability given its critical nature, ease of exploitation, and confirmation of active attacks.
As the CISA KEV catalog continues to be the authoritative source for tracking exploited vulnerabilities, security teams should incorporate it into their vulnerability management prioritization frameworks.
#Cyber_Security_News #Vulnerabilities #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
