114/68 Monday, March 24, 2025

Cybersecurity experts have issued warnings following the discovery of active attacks exploiting two newly disclosed vulnerabilities in Cisco Smart Licensing Utility—CVE-2024-20439 and CVE-2024-20440. Both flaws, recently patched by Cisco, are rated Critical with a CVSS score of 9.8.
Details of the Vulnerabilities:
- CVE-2024-20439: This flaw involves a hardcoded static credential backdoor—an undocumented administrator password—that allows attackers to access the system via the API without authentication.
- CVE-2024-20440: This vulnerability stems from overly detailed debug logging, which could enable attackers to send specially crafted HTTP requests to retrieve log files. These logs may contain sensitive data such as API access credentials.
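The two flaws above are instances of two well-known weakness classes: a static credential compiled into the product, and debug logging that writes secrets where an attacker can later read them. The following illustration, added here and not taken from Cisco's code or from the researcher's write-up, shows each weak pattern beside a hardened form: the credential is provisioned at deploy time and stored as a salted hash compared in constant time (with no default fallback when none is configured), and a logging filter redacts authorization headers and credential-like fields before a debug line is written. All names, the sample password and the log lines are constructed for the example.

```python
"""Hardened patterns for the two flaw classes above (added illustration,
not Cisco code). Every identifier and value here is hypothetical."""
import hashlib
import hmac
import logging
import os
import re
from typing import Optional

# --- Flaw class 1: hard-coded static credential ---------------------------

# Weak pattern, shown for contrast: a fixed password baked into the program.
# Anyone who reads the binary or a public disclosure can log in as admin.
BUILT_IN_PASSWORD = "constructed-example-backdoor"   # constructed value


def vulnerable_authenticate(user: str, password: str) -> bool:
    return user == "admin" and password == BUILT_IN_PASSWORD


# Hardened pattern: the operator supplies the credential when the service is
# deployed; it is kept only as a salted PBKDF2 hash and compared in constant
# time. No credential provisioned means no access, never a built-in default.
PBKDF2_ROUNDS = 200_000


def make_credential_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Derive a storable record from a deploy-time password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest}


def hardened_authenticate(record: Optional[dict], password: str) -> bool:
    """Deny when nothing was provisioned; otherwise compare in constant time."""
    if record is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, record["hash"])


# --- Flaw class 2: debug logging that captures credentials ---------------

# Header values and credential-like key/value pairs are masked before the
# line is formatted, so a retrieved log file cannot yield an API credential.
SECRET_PATTERNS = [
    re.compile(r"(Authorization:\s*)([^\r\n|]+)", re.IGNORECASE),
    re.compile(r"(\"?(?:password|token|api_key)\"?\s*[=:]\s*\"?)([^\"&\s]+)", re.IGNORECASE),
]


def redact(text: str) -> str:
    for pattern in SECRET_PATTERNS:
        text = pattern.sub(lambda m: m.group(1) + "[REDACTED]", text)
    return text


class RedactingFilter(logging.Filter):
    """Applies redact() to every record before any handler sees it."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


def setup_debug_logger(name: str = "licensing.debug") -> logging.Logger:
    logger = logging.getLogger(name)
    logger.setLevel(logging.DEBUG)
    if not any(isinstance(f, RedactingFilter) for f in logger.filters):
        logger.addFilter(RedactingFilter())
    return logger


def debug_log_request(logger: logging.Logger, method: str, path: str,
                      headers: dict, body: str = "") -> str:
    """Log a request at DEBUG level; returns the redacted line as written."""
    header_text = " ".join(f"{k}: {v}" for k, v in headers.items())
    line = f"{method} {path} | {header_text} | {body}"
    logger.debug(line)
    return redact(line)


if __name__ == "__main__":
    # Constructed request: the bearer token and password must not reach the log.
    log = setup_debug_logger()
    print(debug_log_request(log, "POST", "/api/example",
                            {"Authorization": "Bearer constructed-token-123"},
                            '{"password": "constructed-secret"}'))
```

The `hardened_authenticate(None, ...)` branch is the point that matters most for the first flaw: a service that cannot find a provisioned credential should refuse logins rather than fall back to a default. The redaction filter is applied at the logger, not in individual call sites, so a verbose debug mode added later cannot bypass it.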
Although Cisco has released software updates to address the issues, no temporary workarounds are available. After security researcher Nicholas Starke published details of the vulnerabilities and the backdoor password on his blog, reports of exploitation began to surface almost immediately.
The SANS Internet Storm Center also reports that attackers are attempting to access configuration files, and may be chaining these vulnerabilities with others—such as CVE-2024-0305, which affects DVR devices. However, it remains unclear who is behind the attacks or what their motives are.
Organizations using the affected Cisco software are urged to update immediately and review their systems for signs of compromise.