← Voltar para CVEs
CVE-2024-20439
CRITICALCISA KEV9.8
Descricao
A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to login to the affected system. A successful exploit could allow the attacker to login to the affected system with administrative rights over the CSLU application API.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado9/4/2024
Ultima modificacao10/28/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorCisco
ProdutoSmart Licensing Utility
Nome da vulnerabilidadeCisco Smart Licensing Utility Static Credential Vulnerability
Data inclusao KEV2025-03-31
Prazo de remediacao2025-04-21
Uso em ransomwareUnknown
Produtos afetados
cisco:smart_license_utility
Fraquezas (CWE)
CWE-912CWE-798
Referencias
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw(psirt@cisco.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-20439(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.