Advisory 83: Cisco Vulnerability – CVE-2024-20439
Release Date: 31st of March 2025
Impact: HIGH / CRITICAL
TLP Rating: Clear
CERT Vanuatu (CERTVU) and the Department of Communication and Digital Transformation (DCDT) provide the following advisory.
This alert is relevant to organizations that use the above products. It is intended to be understood by technical users.
What is it?
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account.
What are the Systems affected?
Vendor: Cisco
Product: Cisco Smart Licensing Utility
Versions: Affected
- Affected at 2.1.0
- Affected at 2.0.0
- Affected at 2.2.0
What does this mean?
A successful exploit could allow the attacker to log in to the affected system with administrative privileges over the API of the Cisco Smart Licensing Utility application.
Mitigation process
CERTVU encourages users and administrators to search for indicators of compromise (IOCs) and apply the necessary updates and workarounds. Apply mitigations per vendor instructions, follow applicable BOD 22-1 guidance for cloud services, or discontinue use of the affected product if mitigations are unavailable.
References
1. https://www.cisa.gov/known-exploited-vulnerabilities-catalog
2. https://www.cve.org/CVERecord?id=CVE-2024-20439