Reports from the SANS Internet Storm Center indicate that two recently patched security vulnerabilities in the Cisco Smart Licensing Utility are being actively targeted by malicious actors. Both vulnerabilities are rated critical, underscoring the urgency for businesses to address them promptly.
The flaws are CVE-2024-20439 and CVE-2024-20440, both carrying a CVSS score of 9.8. CVE-2024-20439 is an undocumented static user credential that could grant an attacker administrative access to affected systems. CVE-2024-20440 is an excessively verbose debug log file: an attacker who reaches it with a crafted HTTP request could extract sensitive credentials from it that permit access to the API.
Exploitation of these vulnerabilities poses severe risks: unauthorized login with elevated privileges, and access to log files that contain critical information, including sensitive credentials. These attack vectors map to the MITRE ATT&CK framework, suggesting that tactics such as initial access and privilege escalation may have been employed during these attacks.
To date, the vulnerabilities affect only versions 2.0.0, 2.1.0, and 2.2.0 of the Smart Licensing Utility, all of which Cisco patched as of September 2024. Version 2.3.0 is confirmed to be unaffected. However, as of March 2025, attempts to exploit these flaws have been recorded, alongside efforts to weaponize other vulnerabilities, including an information disclosure issue tracked as CVE-2024-0305.
The ongoing nature of these threats has made it imperative for users of the Cisco Smart Licensing Utility to apply the necessary patches. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has listed CVE-2024-20439 as a Known Exploited Vulnerability, mandating that federal agencies implement the recommended updates by April 21, 2025.
In an update, Cisco acknowledged that it is aware of ongoing exploitation attempts, reinforcing the need for users to move to patched versions of the software. Business owners should remain vigilant, ensuring that their systems are updated against these vulnerabilities and keeping abreast of the evolving threat landscape.