Cisco Smart Licensing Vulnerabilities Now Actively Exploited

Security researchers are sounding the alarm over active exploitation attempts targeting two now-patched critical vulnerabilities in Cisco Smart Licensing Utility (SLU). The flaws, both rated CVSS 9.8, could give attackers administrative access and expose sensitive system credentials if left unpatched.

The SANS Internet Storm Center confirmed that threat actors are now scanning for and attempting to exploit the weaknesses, which impact versions 2.0.0, 2.1.0, and 2.2.0 of Cisco’s utility. Although patches were released in September 2024, many systems remain vulnerable.

Here’s What the Two Cisco Flaws Do:

  • CVE-2024-20439 (CVSS 9.8) — An undocumented static user credential tied to an administrative account could allow attackers to log in directly to the system.
  • CVE-2024-20440 (CVSS 9.8) — A flaw in the debug log file handling lets attackers craft HTTP requests to access logs containing sensitive data, including API credentials.

In both cases, successful exploitation hands attackers full admin privileges and the ability to extract critical information, including credentials needed to manipulate the API.

Researchers noted the vulnerabilities only affect environments where Cisco Smart Licensing Utility is actively running. If the tool isn’t in use, the risk is minimal — but for those relying on it, the exposure is significant.

Fortunately, Cisco addressed the flaws with the release of version 2.3.0, which is not affected by either vulnerability. Users running earlier versions are strongly urged to update immediately.
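To turn the version information above into a repeatable check, here is an added example (not Cisco's or SANS's tooling) that triages a host inventory against the affected builds 2.0.0, 2.1.0 and 2.2.0 and the fixed build 2.3.0 named in the article. The CSV layout, host names and the `slu_running` column are constructed for illustration; versions the advisory does not name are reported as "unverified" rather than assumed safe.

```python
"""Triage a host inventory for Cisco Smart Licensing Utility (SLU)
installs that still need the fix described above.

Added example (not Cisco's or SANS's tooling). The affected versions
2.0.0, 2.1.0, 2.2.0 and the fixed version 2.3.0 come from the article;
the CSV layout, host names and the 'slu_running' column are constructed.
"""
from __future__ import annotations

import csv
import io
import re
from collections import Counter
from dataclasses import dataclass

# Versions named as affected and the first fixed release (from the article).
AFFECTED_VERSIONS = {(2, 0, 0), (2, 1, 0), (2, 2, 0)}
FIXED_VERSION = (2, 3, 0)

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)\s*$")


@dataclass(frozen=True)
class Finding:
    host: str
    version: str
    running: bool
    status: str      # affected | patched | unverified | unknown | not-installed
    priority: str    # high | medium | low | none


def parse_version(text: str) -> tuple[int, int, int] | None:
    """Parse 'MAJOR.MINOR.PATCH' (optional leading 'v'); None if malformed."""
    m = _VERSION_RE.match(text or "")
    if m is None:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def classify(host: str, version_text: str, running: bool) -> Finding:
    """Decide whether one host needs the SLU update.

    Versions the advisory does not name (e.g. 2.2.1 or 1.9.0) are reported
    as 'unverified' rather than silently treated as safe: the article lists
    exactly three affected builds and one fixed build, so anything else
    should be checked against Cisco's advisory.
    """
    version = parse_version(version_text)
    if version is None:
        status = "unknown" if (version_text.strip() or running) else "not-installed"
    elif version in AFFECTED_VERSIONS:
        status = "affected"
    elif version >= FIXED_VERSION:
        status = "patched"
    else:
        status = "unverified"

    if status == "affected":
        # The article notes the flaws only matter where SLU is actively
        # running, so a stopped install is still patched, just less urgently.
        priority = "high" if running else "medium"
    elif status in ("unverified", "unknown"):
        priority = "medium" if running else "low"
    else:
        priority = "none"
    return Finding(host, version_text.strip(), running, status, priority)


def triage(csv_text: str) -> list[Finding]:
    """Classify every row of a 'host,slu_version,slu_running' CSV."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        running = row.get("slu_running", "").strip().lower() in ("yes", "true", "1")
        findings.append(classify(row["host"], row.get("slu_version", ""), running))
    # Most urgent hosts first, then by name for a stable report.
    order = {"high": 0, "medium": 1, "low": 2, "none": 3}
    return sorted(findings, key=lambda f: (order[f.priority], f.host))


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count hosts per status, e.g. for a patch ticket or dashboard."""
    return dict(Counter(f.status for f in findings))


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = """host,slu_version,slu_running
lic-proxy-01,2.2.0,yes
lic-proxy-02,2.3.0,yes
jump-box-07,2.1.0,no
build-agent-12,,no
lab-win-03,2.2.1,yes
legacy-srv-09,unknown,yes
"""

if __name__ == "__main__":
    results = triage(SAMPLE_INVENTORY)
    for f in results:
        print(f"{f.priority:6} {f.status:13} {f.host:15} {f.version or '-'}")
    print(summarize(results))
```

Run it as a script to print the prioritised list; the "high" rows are the hosts where an affected SLU build is actually running, which the article identifies as the exposed case, while "unverified" and "unknown" rows are the ones an inventory tool cannot settle on its own.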

According to Johannes B. Ullrich, Dean of Research at SANS Technology Institute, attackers exploiting the Cisco bugs are also weaponizing other vulnerabilities. Among them is CVE-2024-0305 (CVSS 5.3) — an information disclosure flaw in Guangzhou Yingke Electronic Technology’s Ncast product.

The scope and objective of the campaign remain unclear, as does the identity of the group behind it. However, the coordinated exploitation of multiple vulnerabilities has security experts concerned.

Urgent Patch Required as Exploitation Rises

With exploitation attempts actively underway, cybersecurity experts stress that organizations should apply patches immediately to avoid potential breaches. Given that these flaws enable attackers to gain admin control and harvest sensitive credentials, the consequences of delaying could be severe.

Cisco’s Smart Licensing Utility version 2.3.0 is fully patched against these critical vulnerabilities. If you’re still running an earlier version, updating now is your best defense.
