Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center.
The two critical-rated vulnerabilities in question are listed below –
- CVE-2024-20439 (CVSS score: 9.8) – The presence of an undocumented static user credential for an administrative account that an attacker could exploit to log in to an affected system
- CVE-2024-20440 (CVSS score: 9.8) – A vulnerability arising from an excessively verbose debug log file that an attacker could exploit to access such files via a crafted HTTP request and obtain credentials that can be used to access the API
Successful exploitation of the flaws could allow an attacker to log in to the affected system with administrative privileges, and obtain log files that contain sensitive data, including credentials that can be used to access the API.
That said, the vulnerabilities are only exploitable in scenarios where the utility is actively running.
The shortcomings, which impact versions 2.0.0, 2.1.0, and 2.2.0, have since been patched by Cisco in September 2024. Version 2.3.0 of Cisco Smart Licensing Utility is not susceptible to the two bugs.
As of March 2025, threat actors have been observed attempting to actively exploit the two vulnerabilities, SANS Technology Institute's Dean of Research Johannes B. Ullrich said, adding that the unidentified threat actors are also weaponizing other flaws, including what appears to be an information disclosure flaw (CVE-2024-0305, CVSS score: 5.3) in Guangzhou Yingke Electronic Technology Ncast.
It is currently not known what the end goal of the campaign is, or who is behind it. In light of active abuse, it is essential that users apply the necessary patches for optimal protection.