CVE-2024-20439 - Cisco Smart Licensing Utility
AI Vulnerability ContextA vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to login to the affected system. A successful exploit could a...
Overview
A source-backed snapshot of this vulnerability.
A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to login to the affected system. A successful exploit could allow the attacker to login to the affected system with administrative rights over the CSLU application API.
Vulnerability status
How serious this vulnerability is and whether it is known to be exploited.
- CVE ID
- CVE-2024-20439
- Vendor/project
- Cisco
- Product
- Smart Licensing Utility
- Vulnerability name
- Cisco Smart Licensing Utility Static Credential Vulnerability
- Date added
- 2025-03-31
- Due date
- 2025-04-21
- Known ransomware campaign use
- Unknown
- CVSS v3
- 9.8
Exploit context
What the vulnerability is about.
A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to login to the affected system. A successful exploit could allow the attacker to login to the affected system with administrative rights over the CSLU application API.
Source evidence
Original public records and references for this page.
Original source
Original source links
Open the public records and source datasets used for this page.
