Cisco warns of CSLU backdoor admin account used in attacks

Cisco has warned admins to patch a critical Cisco Smart Licensing Utility (CSLU) vulnerability, which exposes a built-in backdoor admin account now used in attacks. CSLU is a Windows app for managing licenses and linked products on-premises without connecting them to Cisco's cloud-based Smart Software Manager solution. Cisco patched this security flaw (CVE-2024-20439) in September, describing it as "an undocumented static user credential for an administrative account" that lets unauthenticated attackers log into unpatched systems remotely with admin privileges over the Cisco Smart Licensing Utility (CSLU) app's API. CVE-2024-20439 only impacts systems running vulnerable Cisco Smart Licensing Utility releases, but it's only exploitable if the user starts the CSLU app (which doesn't run in the background by default). Aruba threat researcher Nicholas Starke reverse-engineered the vulnerability two weeks after Cisco released security patches and published a write-up with technical deta ... Read full article.