The flaw, identified as CVE-2024-20439, affects the Cisco Smart Licensing Utility (CSLU) and allows unauthenticated, remote attackers to gain administrative access to affected systems through an undocumented, static credential. Johannes Ullrich, Dean of Research at the SANS Technology Institute, confirmed that threat actors are actively exploiting this vulnerability, especially after technical details, including the backdoor credentials, were published online. The combination of these vulnerabilities creates a particularly dangerous attack vector, allowing attackers to both gain administrative access and harvest credentials for further system compromise. As the CISA KEV catalog continues to be the authoritative source for tracking exploited vulnerabilities, security teams should incorporate it into their vulnerability management prioritization frameworks. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. This backdoor-like access exists due to hardcoded credentials embedded within the application, providing attackers with full administrative privileges over the CSLU API. The threat actors behind these exploitation attempts are also targeting other vulnerabilities, including CVE-2024-0305, which affects Guangzhou Yingke Electronic DVRs. The vulnerability impacts Cisco Smart Licensing Utility versions 2.0.0 through 2.2.0, with version 2.3.0 confirmed as not vulnerable. It’s important to note that these vulnerabilities only affect systems where the CSLU has been manually started, as it doesn’t run in the background by default. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 01 Apr 2025 07:30:04 +0000