Active Exploitation of Vulnerabilities in Cisco Smart Licensing Utility
25 March 2025
There have been reports of active exploitation of vulnerabilities in unpatched Cisco Smart Licensing Utility instances. Users and administrators of affected products are advised to update to the latest versions immediately.
There have been reports of active exploitation of vulnerabilities (CVE-2024-20439 and CVE-2024-20440) in unpatched Cisco Smart Licensing Utility instances. CVE-2024-20439 has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.
The vulnerabilities are:
CVE-2024-20439: A static credential vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential.
CVE-2024-20440: An information disclosure vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information.
Both CVE-2024-20439 and CVE-2024-20440 can be chained together to target Cisco Smart Licensing Utility instances exposed to the internet.
These vulnerabilities affect Cisco Smart Licensing Utility versions 2.0.0 to 2.2.0. These vulnerabilities can only be exploited if the Cisco Smart Licensing Utility has been manually started by a user and is actively running.
Users and administrators of affected products are advised to update to the latest versions immediately.
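To help prioritise the update, the following added example (not part of the original advisory or any Cisco tooling) triages an asset inventory against the affected range and the running condition stated above. The CSV column names, hostnames and status labels are hypothetical, and the sample inventory is constructed.

```python
import csv
import io

# Affected range as stated in the advisory: 2.0.0 to 2.2.0 inclusive.
AFFECTED_MIN = (2, 0, 0)
AFFECTED_MAX = (2, 2, 0)

# Constructed sample inventory; hostnames and column names are hypothetical.
SAMPLE_INVENTORY = """host,cslu_version,running,internet_exposed
lic-01.example.internal,2.1.0,yes,yes
lic-02.example.internal,2.2.0,yes,no
lic-03.example.internal,2.0.0,no,no
lic-04.example.internal,1.9.5,yes,yes
lic-05.example.internal,unknown,yes,no
"""

def parse_version(text):
    """Return a 3-tuple of ints, or None when the version cannot be parsed."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def triage(row):
    """Classify one inventory row into a remediation priority."""
    version = parse_version(row["cslu_version"])
    if version is None:
        return "verify-version"            # unknown builds need a manual check
    if not AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "not-in-affected-range"
    running = row["running"].strip().lower() == "yes"
    exposed = row["internet_exposed"].strip().lower() == "yes"
    if running and exposed:
        return "update-now-exposed"        # running and reachable from the internet
    if running:
        return "update-now"                # exploitable: utility is actively running
    return "update-before-next-start"      # affected, but not currently running

def triage_inventory(csv_text):
    """Map each host in the CSV text to its triage status."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["host"]: triage(row) for row in reader}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:28} {status}")
```

Hosts whose version string cannot be parsed are flagged for manual verification rather than treated as unaffected.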
More information is available here:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw
https://nvd.nist.gov/vuln/detail/cve-2024-20439