On September 4, 2024, Cisco released fixes for two critical vulnerabilities in Cisco Smart Licensing Utility (CSLU), a tool used to manage licenses across Cisco products in a network. Cisco has stated that these vulnerabilities are only exploitable if the Smart Licensing Utility is actively running and has been started by a user.
- CVE-2024-20439 (Static Credential Vulnerability) – Allows unauthenticated, remote attackers to gain administrative access by leveraging a static, undocumented credential. Using this static credential, an attacker can log in to the system with full administrative privileges through the application’s API.
- CVE-2024-20440 (Information Disclosure Vulnerability) – Allows unauthenticated, remote attackers to access sensitive information due to overly detailed logging in a debug log file. By sending a specially crafted HTTP request to an affected device, an attacker could retrieve log files containing sensitive data, such as credentials for API access.
Note: These vulnerabilities do not impact Cisco’s Smart Software Manager On-Prem or Satellite.
Arctic Wolf has not observed any exploitation of CVE-2024-20439 or CVE-2024-20440 in the wild, nor have we identified any publicly available proof of concept (PoC) exploit code. Given how frequently Cisco products are targeted by threat actors, as the numerous Cisco entries in CISA's Known Exploited Vulnerabilities Catalog show, these vulnerabilities may attract attention soon: both are reachable without authentication, one yields full administrative access, and neither requires sophisticated exploitation.
Additional Cisco Vulnerability Fix
Cisco has also released fixes for CVE-2024-20469 in Cisco Identity Services Engine (ISE), a command injection vulnerability that allows an authenticated local attacker with Administrator privileges to execute commands and gain root access on the underlying operating system. Although CVE-2024-20469 is of lower severity than the CSLU vulnerabilities (it requires both local access and valid administrative credentials), Cisco has acknowledged that PoC exploit code for this vulnerability is publicly available.
Recommendations for CVE-2024-20439, CVE-2024-20440 & CVE-2024-20469
Upgrade to Latest Fixed Release
Arctic Wolf strongly recommends that customers upgrade to the latest fixed release.
| Product | Vulnerability | Version | Patching Guidance |
|---|---|---|---|
| Cisco Smart License Utility | CVE-2024-20439, CVE-2024-20440 | 2.0.0 | Migrate to a fixed release. |
| Cisco Smart License Utility | CVE-2024-20439, CVE-2024-20440 | 2.1.0 | Migrate to a fixed release. |
| Cisco Smart License Utility | CVE-2024-20439, CVE-2024-20440 | 2.2.0 | Migrate to a fixed release. |
| Cisco Smart License Utility | CVE-2024-20439, CVE-2024-20440 | 2.3.0 | Not affected. |
| Cisco Identity Services Engine | CVE-2024-20469 | 3.1 and earlier | Not affected. |
| Cisco Identity Services Engine | CVE-2024-20469 | 3.2 | Upgrade to 3.2P7 (Sep 2024). |
| Cisco Identity Services Engine | CVE-2024-20469 | 3.3 | Upgrade to 3.3P4 (Oct 2024). |
| Cisco Identity Services Engine | CVE-2024-20469 | 3.4 | Not affected. |
Please follow your organization’s patching and testing guidelines to avoid any operational impact.
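The patching table above is easy to misapply against an inventory export if versions are compared as strings (for example, "2.10.0" sorts before "2.3.0" as text). The following triage script is an added example, not Arctic Wolf or Cisco code: it parses CSLU and ISE version strings into comparable tuples and applies the ranges from the table. Two things in it are assumptions rather than statements from the bulletin: CSLU releases above 2.3.0 are treated as fixed, and ISE patch levels are expected in a `3.2P7`-style format. The inventory rows are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Ranges transcribed from the bulletin's patching table. Treating every CSLU
# release at or above 2.3.0 as fixed is an assumption of this example; the
# bulletin itself lists only 2.3.0 as not affected.
CSLU_AFFECTED_MIN = (2, 0, 0)
CSLU_FIXED_MIN = (2, 3, 0)
CSLU_CVES = ("CVE-2024-20439", "CVE-2024-20440")

# ISE trains and the patch level that carries the CVE-2024-20469 fix.
ISE_FIXED_PATCH = {(3, 2): 7, (3, 3): 4}
ISE_NOT_AFFECTED_MAX_TRAIN = (3, 1)   # "3.1 and earlier"
ISE_NOT_AFFECTED_TRAINS = {(3, 4)}
ISE_CVES = ("CVE-2024-20469",)


@dataclass
class Finding:
    product: str
    version: str
    cves: tuple
    affected: Optional[bool]   # None = train not covered by this bulletin
    guidance: str


def parse_cslu_version(version: str) -> tuple:
    """'2.10.0' -> (2, 10, 0). Integer tuples order correctly; plain string
    comparison would wrongly rank '2.10.0' below '2.3.0'."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised CSLU version: {version!r}")
    return tuple(int(x) for x in m.groups())


def parse_ise_version(version: str) -> tuple:
    """'3.2P5' -> ((3, 2), 5); '3.3' -> ((3, 3), 0).
    The '<train>P<n>' input format is an assumption of this example."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:[Pp](\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised ISE version: {version!r}")
    return (int(m.group(1)), int(m.group(2))), int(m.group(3) or 0)


def assess_cslu(version: str) -> Finding:
    product = "Cisco Smart License Utility"
    v = parse_cslu_version(version)
    if CSLU_AFFECTED_MIN <= v < CSLU_FIXED_MIN:
        return Finding(product, version, CSLU_CVES, True,
                       "Migrate to a fixed release (2.3.0 or later).")
    return Finding(product, version, CSLU_CVES, False, "Not affected.")


def assess_ise(version: str) -> Finding:
    product = "Cisco Identity Services Engine"
    train, patch = parse_ise_version(version)
    if train <= ISE_NOT_AFFECTED_MAX_TRAIN or train in ISE_NOT_AFFECTED_TRAINS:
        return Finding(product, version, ISE_CVES, False, "Not affected.")
    fixed = ISE_FIXED_PATCH.get(train)
    if fixed is None:
        return Finding(product, version, ISE_CVES, None,
                       "Train not covered by this bulletin; check Cisco's advisory.")
    label = f"{train[0]}.{train[1]}P{fixed}"
    if patch >= fixed:
        return Finding(product, version, ISE_CVES, False, f"Already at {label} or later.")
    return Finding(product, version, ISE_CVES, True, f"Upgrade to {label}.")


ASSESSORS = {"cslu": assess_cslu, "ise": assess_ise}


def triage(inventory: Iterable[tuple]) -> list:
    """Rows are (product_key, version). Returns, in input order, every finding
    that needs action: affected hosts and hosts the bulletin does not cover."""
    return [f for f in (ASSESSORS[key](ver) for key, ver in inventory)
            if f.affected is not False]


# Constructed sample inventory for the example (not real hosts).
SAMPLE_INVENTORY = [
    ("cslu", "2.1.0"),    # affected
    ("cslu", "2.3.0"),    # fixed
    ("cslu", "2.10.0"),   # misjudged by string comparison, fine with tuples
    ("ise", "3.2P6"),     # needs 3.2P7
    ("ise", "3.2P7"),     # fixed
    ("ise", "3.3"),       # unpatched 3.3, needs 3.3P4
    ("ise", "3.1"),       # not affected
    ("ise", "3.4"),       # not affected
    ("ise", "3.5"),       # not in the bulletin's table
]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        state = "AFFECTED" if f.affected else "UNKNOWN"
        print(f"{state:8} {f.product} {f.version}: {f.guidance}")
```

Feed it your own (product, version) rows in place of `SAMPLE_INVENTORY`; anything the script reports as UNKNOWN is a train the table does not mention and should be checked against Cisco's advisory rather than assumed safe.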