Published: Apr 11, 2025 08:53
Advisory No: TZCERT-SA-25-0085
Source: Cisco
Software Affected: Cisco Smart Licensing Utility
Cisco Smart Licensing Utility is affected by two critical vulnerabilities. The vulnerabilities could allow a remote attacker to gain access to sensitive information on the affected device.
Cisco Smart Licensing Utility is affected by critical vulnerabilities tracked as CVE-2024-20439 and CVE-2024-20440, with CVSS base scores of 9.8 each. The vulnerabilities result from undocumented static user credentials for an administrative account and excessive verbosity in a debug log file. Successful exploitation could allow an unauthenticated, remote attacker to collect sensitive information or administer Cisco Smart Licensing Utility services on a system while the software is running.
Successful exploitation of these vulnerabilities may allow the attacker to gain access to sensitive information.
Cisco has released patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.