SANS Warns of Probing Attacks Targeting Backdoor Flaw in Cisco Smart Licensing Utility

Organizations using Cisco’s Smart Licensing Utility (CSLU) have been urged by the SANS Technology Institute to update their software promptly because of two significant vulnerabilities in the product. Cisco initially disclosed the vulnerabilities in September. CSLU is used mainly in smaller, on-premises networks to manage Cisco licenses without resorting to the more complex cloud-based options.

A warning issued by SANS on March 19 highlighted exploit activity targeting these flaws. The first vulnerability, CVE-2024-20439, is an undocumented backdoor accessible through a weak hardcoded password. SANS noted that it has observed this password being used in recent API calls. The second flaw, CVE-2024-20440, could enable attackers to access log files containing sensitive information, such as API credentials.

Both vulnerabilities carry a critical severity rating with a CVSS score of 9.8, underscoring the urgency for organizations to apply patches. The affected versions of CSLU include 2.0.0, 2.1.0, and 2.2.0, while version 2.3.0 has been patched. Given that CSLU is a newer product, the presence of such vulnerabilities raises concerns about security practices. This is not the first time Cisco products have been found with hardcoded credentials, as similar flaws have been reported in other Cisco offerings.

In light of these vulnerabilities, SANS recommended immediate action to mitigate risks associated with these security gaps, emphasizing the importance of patching to enhance system integrity and protect sensitive data.
