CVE-2024-20439

Summary

CVE-2024-20439 is a critical vulnerability in the Cisco Smart Licensing Utility that allows unauthenticated remote attackers to log in using a static administrative credential. This security flaw arises from an undocumented static user credential for an administrative account, enabling attackers to gain administrative access through the API. A successful exploit can lead to severe impacts including high integrity and confidentiality breaches, as well as potential availability disruptions. Remediation involves updating the Cisco Smart Licensing Utility to eliminate the use of static administrative credentials. Organizations using affected products should take immediate action to mitigate the risk associated with this vulnerability, rated with a CVSS score of 9.8 indicating high severity.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.