Summary: Cisco has issued a warning regarding a critical vulnerability (CVE-2024-20439) in its Smart Licensing Utility (CSLU) that exposes a backdoor admin account, allowing unauthenticated attackers to gain remote admin access to vulnerable systems. This flaw, which was patched in September, is being actively exploited in conjunction with another vulnerability (CVE-2024-20440) to access sensitive data. CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to secure their systems promptly.
Affected: Cisco Smart Licensing Utility (CSLU)
Keypoints :
- CVE-2024-20439 allows unauthorized access via a hardcoded static admin credential.
- Exploitations have been observed in the wild, prompting urgent security updates.
- CISA has mandated federal agencies to secure systems against this vulnerability by April 21.