March 21, 2025 By Pierluigi Paganini
Experts warn of the active exploitation of two recently patched security vulnerabilities affecting Cisco Smart Licensing Utility.
Cisco disclosed two vulnerabilities in its Smart Licensing Utility: CVE-2024-20439, a static credential backdoor, and CVE-2024-20440, an information disclosure flaw. Attackers can exploit the backdoor to access sensitive log files. While no active exploitation was initially observed, the publication of exploit details has led to recent attack activity.
“Multiple vulnerabilities in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to collect sensitive information or administer Cisco Smart Licensing Utility services on a system while the software is running.” reads the advisory.