9621 Agnes Crossing, Lake Suzanneview, New Mexico Island 84604-9295.
The Cisco Smart Licensing Utility has two serious vulnerabilities that hackers can easily exploit. Quick patching is the only solution. Cisco hasn’t been particularly smart with its Smart
The Cisco Smart Licensing Utility has two serious vulnerabilities that hackers can easily exploit. Quick patching is the only solution.
Cisco hasn’t been particularly smart with its Smart Licensing Utility. This tool contains two vulnerabilities with a CVSS score of 9.8, so feel free to call them criticisms. Both vulnerabilities are unrelated, but they allow an attacker to obtain sensitive information or even take over the entire licensing service.
The first flaw is called CVE-2024-20439. This allows attackers to log in using static, hard-coded administrator credentials. Those who succeed will gain full administrative access.
The second flaw, CVE-2024-20440, allows an attacker to collect log files containing sensitive data via an HTTP request. This can include API credentials. Once hackers get their hands on it, they’re back in full control.
Cisco notes that despite their severity, the vulnerabilities can only be exploited if a user has actually launched and run the Smart Licensing Utility. At this point, the flaw has not yet been exploited by malicious individuals.
A patch is available and installing it is the only way to protect yourself from the flaws. Cisco says there is no temporary workaround.
Source: IT Daily
As an experienced journalist and author, Mary has been reporting on the latest news and trends for over 5 years. With a passion for uncovering the stories behind the headlines, Mary has earned a reputation as a trusted voice in the world of journalism. Her writing style is insightful, engaging and thought-provoking, as she takes a deep dive into the most pressing issues of our time.
