Summary: Attackers are now targeting unpatched Cisco Smart Licensing Utility (CSLU) instances through a vulnerability that exposes a backdoor admin account. Cisco released a patch for this flaw (CVE-2024-20439) in September, along with a patch for another critical vulnerability (CVE-2024-20440) that allows attackers to access sensitive log files. The vulnerabilities affect only systems running specific CSLU versions and are exploitable only while the CSLU app is active.
Affected: Cisco Smart Licensing Utility (CSLU)
Key points:
- Attackers exploit a vulnerability allowing unauthenticated access to admin accounts in CSLU.
- Two critical vulnerabilities (CVE-2024-20439 and CVE-2024-20440) can lead to unauthorized access and information disclosure.
- Threat actors have been observed chaining these vulnerabilities in exploitation attempts against exposed CSLU instances, following a detailed write-up by a researcher.