Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility

Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center.

The two critical-rated vulnerabilities in question are listed below –

  • CVE-2024-20439 (CVSS score: 9.8) – The presence of an undocumented static user credential for an administrative account that an attacker could exploit to log in to an affected system
  • CVE-2024-20440 (CVSS score: 9.8) – A vulnerability arising from an excessively verbose debug log file that an attacker could exploit to access such files by means of a crafted HTTP request and obtain credentials that can be used to access the API

Successful exploitation of the flaws could allow an attacker to log in to the affected system with administrative privileges, and obtain log files that contain sensitive data, including credentials that can be used to access the API.

That said, the vulnerabilities are only exploitable in scenarios where the utility is actively running.

The shortcomings, which impact versions 2.0.0, 2.1.0, and 2.2.0, have since been patched by Cisco in September 2024. Version 2.3.0 of Cisco Smart License Utility is not susceptible to the two bugs.

As of March 2025, threat actors have been observed attempting to actively exploit the two vulnerabilities, SANS Technology Institute's Dean of Research Johannes B. Ullrich said, adding the unidentified threat actors are also weaponizing other flaws, including what appears to be an information disclosure flaw (CVE-2024-0305, CVSS score: 5.3) in Guangzhou Yingke Electronic Technology Ncast.

It is currently not known what the end goal of the campaign is, or who is behind it. In light of active abuse, it is imperative that users apply the necessary patches for optimal protection.
