Hackers Exploiting Multiple Cisco Smart Licensing Utility Vulnerabilities


Mar 21, 2025 - 05:49

Researchers have detected active exploitation attempts targeting two critical vulnerabilities in Cisco’s Smart Licensing Utility that were patched approximately six months ago. 

Threat actors are leveraging these flaws, which can grant unauthorized access to sensitive licensing data and administrative functions.

The attacks target two critical vulnerabilities in Cisco Smart Licensing Utility that were disclosed in early September 2024. 

CVE-2024-20439, with a maximum CVSS score of 9.8, functions essentially as a “backdoor,” allowing unauthenticated, remote attackers to access the software using hardcoded credentials. 

The second vulnerability, CVE-2024-20440, also rated 9.8, involves “excessive verbosity in a debug log file” that exposes sensitive information, including API credentials.

Security researcher Nicholas Starke from Aruba, a Hewlett Packard Enterprise company, revealed that the vulnerable versions of the Cisco utility (2.0.0 through 2.2.0) contain a static administrative password: Library4C$LU. 

This credential is embedded within the application’s API authentication mechanism, providing attackers with administrative privileges if successfully exploited.
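To make the two defect classes concrete, here is an added example (written for this page, not Cisco's code; the utility's real implementation is not shown in the article) that contrasts an authentication routine with a password baked into the program, which also echoes the Authorization header into its debug log, against one that generates a per-installation secret, compares it in constant time and redacts the header. The username and password are the values reported above; every function, class and file name is hypothetical.

```python
import base64
import hmac
import logging
import secrets
import tempfile
from pathlib import Path
from typing import Dict, List

log = logging.getLogger("cslu_auth_demo")
log.setLevel(logging.DEBUG)
log.propagate = False

# Username and password reported by the research; the vulnerable function below is an
# illustrative reconstruction of the anti-pattern, not Cisco's code.
STATIC_USER = "cslu-windows-client"
STATIC_PASSWORD = "Library4C$LU"


def authenticate_vulnerable(user: str, password: str, raw_authorization: str) -> bool:
    """Anti-pattern: the secret is a constant baked into every copy of the program
    (CVE-2024-20439 class), and the full Authorization header is written to the debug
    log (CVE-2024-20440 class), so anyone who can read the log can reuse it."""
    log.debug("auth attempt: Authorization=%s", raw_authorization)
    return user == STATIC_USER and password == STATIC_PASSWORD


class InstallCredentialStore:
    """Hardened pattern (hypothetical): a random secret generated per installation at
    first start, kept in an owner-only file, compared in constant time, never logged."""

    def __init__(self, secret_file: Path) -> None:
        if not secret_file.exists():
            secret_file.touch(mode=0o600)  # owner-only before the secret is written
            secret_file.write_text(secrets.token_urlsafe(32))
        self.secret = secret_file.read_text().strip()  # public only so demo() can exercise it

    def authenticate(self, user: str, password: str, raw_authorization: str) -> bool:
        log.debug("auth attempt: user=%s Authorization=<redacted>", user)
        user_ok = hmac.compare_digest(user.encode(), STATIC_USER.encode())
        pass_ok = hmac.compare_digest(password.encode(), self.secret.encode())
        return user_ok and pass_ok


class _ListHandler(logging.Handler):
    """Collects debug records so demo() can show what each implementation leaks."""

    def __init__(self) -> None:
        super().__init__(level=logging.DEBUG)
        self.lines: List[str] = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(record.getMessage())


def demo() -> Dict[str, bool]:
    """Exercise both implementations with the published static credential and report what happened."""
    handler = _ListHandler()
    log.addHandler(handler)
    raw = "Basic " + base64.b64encode(f"{STATIC_USER}:{STATIC_PASSWORD}".encode()).decode()
    try:
        with tempfile.TemporaryDirectory() as tmp:
            store_a = InstallCredentialStore(Path(tmp) / "install-a.secret")
            store_b = InstallCredentialStore(Path(tmp) / "install-b.secret")
            vulnerable_accepts = authenticate_vulnerable(STATIC_USER, STATIC_PASSWORD, raw)
            vuln_lines = list(handler.lines)
            handler.lines.clear()
            hardened_rejects = not store_a.authenticate(STATIC_USER, STATIC_PASSWORD, raw)
            hardened_accepts_own = store_a.authenticate(STATIC_USER, store_a.secret, raw)
            hard_lines = list(handler.lines)
        return {
            "vulnerable_accepts_static": vulnerable_accepts,
            "hardened_rejects_static": hardened_rejects,
            "hardened_accepts_own_secret": hardened_accepts_own,
            "secrets_differ_per_install": store_a.secret != store_b.secret,
            "vulnerable_leaks_header": any(raw in line for line in vuln_lines),
            "hardened_leaks_header": any(raw in line for line in hard_lines),
        }
    finally:
        log.removeHandler(handler)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the per-installation secret is that a credential recovered from one copy of the software (or from one leaked log) is useless against every other installation; the constant-time comparison and the redacted log line close the two side channels the article describes. A production version would create the secret file with `os.open(..., O_CREAT | O_EXCL, 0o600)` rather than touch-then-write.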

Cisco Smart Licensing Utility Vulnerability

According to SANS researchers, attackers are sending specifically crafted HTTP requests to exploit these vulnerabilities. 

One identified attack pattern shows threat actors attempting to access the API endpoint at /cslu/v1/scheduler/jobs using the hardcoded credentials. The HTTP request headers contain:

The Base64-encoded string in the Authorization header decodes to cslu-windows-client:Library4C$LU, matching the credentials identified in Starke’s research. 

When successful, this grants attackers administrative access to the licensing utility, potentially allowing them to manage associated services or extract sensitive information from vulnerable systems.

The threat actors aren’t limiting their efforts to just Cisco products. The same group is also attempting to exploit other vulnerabilities, including what appears to be CVE-2024-0305, which affects certain DVR systems:

This suggests a broader scanning campaign targeting internet-exposed devices with known vulnerabilities.

Johannes Ullrich, Dean of Research at SANS, noted the irony that “it’s always fun to see how cheap IoT devices and expensive enterprise security software share similar basic vulnerabilities” – both often containing hardcoded credentials that provide backdoor access.

Mitigations

Organizations utilizing Cisco Smart Licensing Utility should immediately update to version 2.3.0, which is not affected by these vulnerabilities.

Network administrators should also examine logs for unauthorized access attempts targeting the /cslu/v1 endpoint, particularly those containing the compromised credentials.
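The log review recommended above and the header decoding described earlier, as an added example (mine, not code from the article, SANS or Cisco): a Python scanner that walks access-log lines, keeps every request to the `/cslu/v1` API, decodes any Basic Authorization header and ranks each hit by whether it carried the hardcoded credential. The log layout is an assumption (a Combined-Log-style line from a reverse proxy in front of the utility with the Authorization header appended as a final quoted field), since the utility's own log format is not on the page; the sample lines are constructed.

```python
import base64
import binascii
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Hardcoded credential reported for CSLU 2.0.0 through 2.2.0 (CVE-2024-20439),
# used here purely as a detection signature.
KNOWN_STATIC_CREDENTIAL = "cslu-windows-client:Library4C$LU"
CSLU_API_PREFIX = "/cslu/v1"  # the endpoint family administrators are told to watch

# ASSUMED log layout (hypothetical): Combined-Log-style access log from a reverse proxy
# in front of the utility, with the request's Authorization header appended as one
# final quoted field ("-" when absent). CSLU's own log format is not documented here.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]+" '
    r'(?P<status>\d{3}) \S+ "(?P<auth>[^"]*)"$'
)


@dataclass
class Finding:
    src: str
    ts: str
    method: str
    path: str
    status: int
    reason: str
    succeeded: bool  # a 2xx/3xx answer means the utility accepted the request


def decode_basic_auth(header: str) -> Optional[str]:
    """Return the 'user:password' string from a Basic Authorization header value,
    or None when the header is absent, not Basic, or not valid Base64/UTF-8."""
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        return base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for any request to the CSLU API, ranked by what it carried."""
    m = LOG_RE.match(line)
    if not m or not m.group("path").startswith(CSLU_API_PREFIX):
        return None
    cred = decode_basic_auth(m.group("auth"))
    if cred == KNOWN_STATIC_CREDENTIAL:
        reason = "static-credential"               # exploitation attempt for CVE-2024-20439
    elif cred is not None:
        reason = "basic-auth-to-cslu-api"          # some other credential tried against the API
    else:
        reason = "unauthenticated-cslu-api-probe"  # reconnaissance of the endpoint
    status = int(m.group("status"))
    return Finding(m.group("src"), m.group("ts"), m.group("method"), m.group("path"),
                   status, reason, succeeded=status < 400)


def scan(lines: Iterable[str]) -> List[Finding]:
    """Run classify() over a log and keep only the CSLU API hits."""
    return [f for f in (classify(line) for line in lines) if f is not None]


# Constructed sample log: documentation address ranges, invented timestamps.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Mar/2025:05:49:10 +0000] "GET /cslu/v1/scheduler/jobs HTTP/1.1" 200 512 '
    '"Basic Y3NsdS13aW5kb3dzLWNsaWVudDpMaWJyYXJ5NEMkTFU="',
    '198.51.100.23 - - [21/Mar/2025:05:50:02 +0000] "GET /cslu/v1/scheduler/jobs HTTP/1.1" 401 0 "-"',
    '10.0.0.5 - - [21/Mar/2025:06:00:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-"',
    '203.0.113.7 - - [21/Mar/2025:06:02:41 +0000] "POST /cslu/v1/scheduler/jobs HTTP/1.1" 401 0 '
    '"Basic dXNlcjpzZWNyZXQ="',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        flag = "SUCCESS" if f.succeeded else "rejected"
        print(f"{f.ts} {f.src} {f.method} {f.path} -> {f.reason} ({flag}, HTTP {f.status})")
```

A `static-credential` finding with a 2xx status is the case that matters most: the host was running an unpatched utility and accepted the request, so it should be treated as compromised and its licensing data and any credentials it held as exposed. Probes with no or other credentials show the same scanning campaign reaching the host and are worth correlating by source address.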

Cisco has stated that these vulnerabilities are “not exploitable unless the Cisco Smart Licensing Utility was started by a user and is actively running,” though this provides little comfort given the widespread deployment of the software.

As exploitation attempts continue to increase, prompt patching remains the most effective mitigation against these critical security flaws.


The post Hackers Exploiting Multiple Cisco Smart Licensing Utility Vulnerabilities appeared first on Cyber Security News.