← Zuruck zu CVEs
CVE-2024-20439
CRITICALCISA KEV9.8
Beschreibung
A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to login to the affected system. A successful exploit could allow the attacker to login to the affected system with administrative rights over the CSLU application API.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht9/4/2024
Zuletzt geandert10/28/2025
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerCisco
ProduktSmart Licensing Utility
SchwachstellennameCisco Smart Licensing Utility Static Credential Vulnerability
KEV Aufnahmedatum2025-03-31
Behebungsfrist2025-04-21
Ransomware-NutzungUnknown
Betroffene Produkte
cisco:smart_license_utility
Schwachen (CWE)
CWE-912CWE-798
Referenzen
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw(psirt@cisco.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-20439(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.