← Volver a CVEs
CVE-2024-20439
CRITICALCISA KEV9.8
Descripcion
A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to login to the affected system. A successful exploit could allow the attacker to login to the affected system with administrative rights over the CSLU application API.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado9/4/2024
Ultima modificacion10/28/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorCisco
ProductoSmart Licensing Utility
Nombre vulnerabilidadCisco Smart Licensing Utility Static Credential Vulnerability
Fecha inclusion KEV2025-03-31
Fecha limite remediacion2025-04-21
Uso en ransomwareUnknown
Productos afectados
cisco:smart_license_utility
Debilidades (CWE)
CWE-912CWE-798
Referencias
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw(psirt@cisco.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-20439(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.