Summary: The SANS Technology Institute has issued a critical alert regarding two high-severity vulnerabilities in Cisco’s Smart Licensing Utility (CSLU), urging immediate updates to mitigate potential cybersecurity risks. These vulnerabilities, identified as CVE-2024-20439 and CVE-2024-20440, could allow attackers unauthorized access and control over affected systems. The situation emphasizes the urgent need for timely software updates to protect organizational systems from exploitation.
Affected: Cisco Smart Licensing Utility (CSLU)
Keypoints :
- Critical vulnerabilities CVE-2024-20439 and CVE-2024-20440 pose serious cybersecurity risks to the CSLU.
- CVE-2024-20439 allows administrative access via an undocumented static user credential, while CVE-2024-20440 can disclose sensitive information due to excessive debug log verbosity.
- Exploitation attempts have already been detected, reinforcing the need for immediate updates to versions 2.0.0, 2.1.0, or 2.2.0, or upgrading to version 2.3.0 or later.
Source: https://thecyberexpress.com/cve-2024-20439-and-cve-2024-20440/