CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2024-20439

CVSS 9.8v3.1pub. 2024-09-04upd. 2025-10-28

A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to login to the affected system. A successful exploit could allow the attacker to login to the affected system with administrative rights over the CSLU application API.

🤖 AI Analysis
How it works

The CSLU application code contains a static, undocumented administrative account with an immutable password (CWE-912: hidden functionality, CWE-798: hardcoded credentials). An attacker who obtains these credentials can send a login request to the application's API interface without any prior authorization. Because the credentials are identical across all CSLU installations, every network-accessible vulnerable instance is equally exposed. The attack requires no user interaction or special network conditions.

Impact

An attacker gains full administrative access to the Cisco Smart Licensing Utility API interface, enabling reading and modification of licensing configuration and potentially serving as an entry point for further lateral movement within the organization's network.

Mitigation & patch

Apply patches available from the vendor according to the references — detailed information about patched versions is contained in the Cisco advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw. Until the patch is deployed, it is recommended to restrict network access to the CSLU API interface exclusively to trusted hosts (firewall, ACL).

Who is affected

Cisco Smart Licensing Utility (CSLU) — versions indicated in the vendor's references (Cisco advisory cisco-sa-cslu-7gHMzWmw)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cisco Smart License Utility

    APP
    Cisco
    2.0.0 – 2.3.0 (bez)

CISA KEV — detailsi

Vendori
Cisco
Producti
Smart Licensing Utility
Added to KEVi
March 31, 2025
Remediation deadline (US Federal)i
April 21, 2025(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacker to log in to an affected system and gain administrative credentials.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 21 kwietnia 2025
CWE
References

Related vulnerabilities

CVE-2024-20440HIGH7.5ten sam produkt

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sen...

CVE-2026-20182CRITICAL10.0⚠ KEVPL ✓ten sam vendor

Cisco Catalyst SD-WAN — pominięcie uwierzytelnienia z dostępem administracyjnym

CVE-2026-20131CRITICAL10.0⚠ KEVPL ✓ten sam vendor

RCE przez insecure deserialization w Cisco Secure Firewall Management Center

CVE-2026-20127CRITICAL10.0⚠ KEVPL ✓ten sam vendor

Cisco Catalyst SD-WAN — ominięcie uwierzytelnienia peering i przejęcie uprawnień

CVE-2025-20393CRITICAL10.0⚠ KEVPL ✓ten sam vendor

RCE z uprawnieniami root w Cisco Secure Email Gateway i Secure Email and Web Manager