Critical Cisco Smart Licensing Utility flaws now exploited in attacks
Published on: 2025-06-06 17:05:09
Attackers have started targeting Cisco Smart Licensing Utility (CSLU) instances unpatched against a vulnerability exposing a built-in backdoor admin account.
The CSLU Windows application allows admins to manage licenses and linked products on-premises without connecting them to Cisco's cloud-based Smart Software Manager solution.
Cisco patched this security flaw (tracked as CVE-2024-20439) in September, describing it as "an undocumented static user credential for an administrative account" that can let unauthenticated attackers log into unpatched systems remotely with admin privileges over the API of the CSLU app.
The company also addressed a second critical CSLU information disclosure vulnerability (CVE-2024-20440) that unauthenticated attackers can use to access log files containing sensitive data (including API credentials) by sending crafted HTTP requests to vulnerable devices.
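To make the two defect classes behind these CVEs concrete for defenders, here is an added example in Python. It is not Cisco's code and is not derived from CSLU; it models a minimal license-API authenticator and request logger, each in an insecure form (a static built-in admin credential; raw requests written to a log) beside a hardened form (operator-provisioned accounts with salted hashes and constant-time comparison; secrets redacted before logging). Every name, path, header and credential value in it is a constructed placeholder.

```python
"""Added example (not Cisco's or CSLU's code): the two defect classes from the
advisory above, insecure form beside hardened form. All identifiers and
credential values are constructed for illustration."""
import hashlib
import hmac
import re
import secrets
from typing import Dict, Optional, Tuple

# ---------- Defect class 1: a static, undocumented administrative credential ----------

# Insecure: the admin credential is a constant in the program. It ships with every
# install, cannot be rotated, and is known to anyone who reads the binary.
# The values below are constructed placeholders, not real credentials.
STATIC_ADMIN_USER = "admin"
STATIC_ADMIN_PASSWORD = "example-static-secret"


def authenticate_insecure(user: str, password: str) -> bool:
    return user == STATIC_ADMIN_USER and password == STATIC_ADMIN_PASSWORD


# Hardened: no built-in account at all. Operators provision users into a store (an
# in-memory dict here, standing in for a protected config file); passwords are kept
# as salted PBKDF2 hashes and compared in constant time.
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


class CredentialStore:
    """Operator-managed accounts; an empty store means nobody can authenticate."""

    def __init__(self) -> None:
        self._users: Dict[str, Tuple[bytes, bytes]] = {}

    def add_user(self, user: str, password: str) -> None:
        self._users[user] = hash_password(password)

    def verify(self, user: str, password: str) -> bool:
        record = self._users.get(user)
        if record is None:
            hash_password(password)  # spend the same time so unknown users are not distinguishable
            return False
        salt, expected = record
        _, candidate = hash_password(password, salt)
        return hmac.compare_digest(candidate, expected)


def authenticate_hardened(store: CredentialStore, user: str, password: str) -> bool:
    return store.verify(user, password)


# ---------- Defect class 2: API credentials written into log files ----------

SENSITIVE_HEADERS = {"authorization", "x-api-key", "cookie", "proxy-authorization"}
SENSITIVE_QUERY_KEYS = re.compile(r"(?i)\b(token|api_key|apikey|password|secret)=([^&\s]*)")


def log_request_insecure(method: str, path: str, headers: Dict[str, str]) -> str:
    # Writes the raw request, so every bearer token and API key lands in the log file;
    # if that file is reachable over HTTP without authentication, so are the secrets.
    return f"{method} {path} {headers}"


def log_request_hardened(method: str, path: str, headers: Dict[str, str]) -> str:
    # Redact credential-bearing headers and query parameters before the line is written.
    safe_headers = {
        name: ("[REDACTED]" if name.lower() in SENSITIVE_HEADERS else value)
        for name, value in headers.items()
    }
    safe_path = SENSITIVE_QUERY_KEYS.sub(lambda m: f"{m.group(1)}=[REDACTED]", path)
    return f"{method} {safe_path} {safe_headers}"


if __name__ == "__main__":
    # Constructed request for demonstration.
    request = ("GET", "/api/v1/licenses?api_key=EXAMPLEKEY123",
               {"Authorization": "Bearer EXAMPLETOKEN", "Host": "cslu.example"})
    print(authenticate_insecure("admin", "example-static-secret"))          # built-in account accepts the login
    store = CredentialStore()
    print(authenticate_hardened(store, "admin", "example-static-secret"))   # no default account exists
    store.add_user("license-ops", "operator-chosen-passphrase")
    print(authenticate_hardened(store, "license-ops", "operator-chosen-passphrase"))
    print(log_request_insecure(*request))
    print(log_request_hardened(*request))
```

Redaction is defence in depth for the second defect class: the primary fix is that log files must never be served to unauthenticated requests at all, but a log that contains no credentials limits the damage if such a path is ever exposed again.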
These two vulnerabilities only impact systems running vulnerable Cisco Smart Licensing Utility releas