Critical Cisco Smart Licensing Utility Vulnerabilities Actively Exploited

TL;DR

Cisco Smart Licensing Utility faces active exploitation of two critical vulnerabilities, CVE-2024-20439 and CVE-2024-20440. These flaws allow unauthenticated attackers to access sensitive information and control the utility. Cisco has issued patches, but no workarounds are available. Security experts warn of ongoing exploitation attempts.

Active Exploitation of Cisco Smart Licensing Utility Vulnerabilities

Security experts have issued a warning about the active exploitation of two recently patched vulnerabilities in Cisco Smart Licensing Utility. These vulnerabilities, identified as CVE-2024-20439 and CVE-2024-20440, pose significant risks to organizations using the affected software.

Details of the Vulnerabilities

Cisco disclosed the following vulnerabilities in its Smart Licensing Utility:

1. CVE-2024-20439 (CVSS score: 9.8)
   • Description: This flaw involves an undocumented static admin credential, allowing attackers to log in with administrative privileges via the Cisco Smart Licensing Utility API.
   • Impact: Attackers can exploit this backdoor to access and potentially manipulate sensitive log files and other critical data.
2. CVE-2024-20440 (CVSS score: 9.8)
   • Description: This vulnerability arises from excessive verbosity in a debug log file, enabling attackers to send specially crafted HTTP requests to obtain log files containing sensitive data, including credentials.
   • Impact: Exploitation of this flaw can lead to unauthorized access to the API and other sensitive information.

According to Cisco’s advisory, “Multiple vulnerabilities in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to collect sensitive information or administer Cisco Smart Licensing Utility services on a system while the software is running.” ¹

Mitigation and Patch Information

Cisco has released software updates to address these vulnerabilities. However, there are no workarounds available to mitigate these issues without applying the patches. Organizations are strongly advised to update their systems immediately to protect against potential attacks.

Ongoing Exploitation and Additional Threats

Researchers at the SANS Internet Storm Center have observed active exploitation of these vulnerabilities. They noted that the two flaws are interconnected, with the static credential backdoor (CVE-2024-20439) allowing attackers to access the verbose log files (CVE-2024-20440). This combination enables attackers to gather sensitive information and gain unauthorized access to the system.

SANS researchers also warned that the group exploiting these vulnerabilities is targeting configuration files and potentially other vulnerabilities, such as CVE-2024-0305 (CVSS score: 5.3), which affects DVR systems. ²

Conclusion

The active exploitation of these Cisco Smart Licensing Utility vulnerabilities underscores the importance of prompt patching and vigilant monitoring. Organizations should prioritize applying the available updates to mitigate the risks associated with these critical flaws. Staying informed about the latest security advisories and implementing robust security practices can help protect against such threats.

For more details, visit the full article: Cisco Smart Licensing Utility Flaws Actively Exploited in the Wild

Additional Resources

For further insights, check:

• Cisco Security Advisory
• SANS Internet Storm Center Advisory

1. Cisco (2025). “Cisco Security Advisory”. Cisco. Retrieved 2025-03-21. ↩︎

2. SANS Internet Storm Center (2025). “SANS Internet Storm Center Advisory”. SANS. Retrieved 2025-03-21. ↩︎