in the Cisco Smart Licensing Utility.
gbhackers
Cisco has issued a security advisory (Advisory ID: cisco-sa-cslu-7gHMzWmw) regarding critical vulnerabilities in the Cisco Smart Licensing Utility.
These vulnerabilities could allow unauthenticated, remote attackers to gain administrative control over affected systems.
The advisory was first published on September 4, 2024, and highlights the severity of the issue with a CVSS score of 9.8.
Cisco has released software updates to address these vulnerabilities, but no workarounds are available.
Vulnerability Details
CVE-2024-20439: Static Credential Vulnerability
A critical vulnerability identified as CVE-2024-20439 exists in the Cisco Smart Licensing Utility.
This flaw is due to an undocumented, static user credential for an administrative account.
An attacker could exploit this vulnerability by using the static credentials to log in to the affected system, potentially gaining administrative privileges over the API of the Cisco Smart Licensing Utility application.
- Bug ID: CSCwi41731
- Security Impact Rating (SIR): Critical
- CVSS Base Score: 9.8
- CVSS Vector: CVSS:3 ...
Copyright of this story solely belongs to gbhackers.