🔴 CVE-2024-20439

CVE-2024-20439 is a critical authentication bypass vulnerability in Cisco Smart License Utility due to hardcoded administrative credentials. Attackers can remotely login with administrative privileges over the CSLU application API without any authentication. Active exploitation has been observed in the wild.

← Back to Overview
HIGH_RISK
Risk Level
9.8
CVSS Score
NETWORK
Attack Vector
Initial Access
ATT&CK Tactic
T1078 — Valid Accounts
ATT&CK Technique
HIGH
Deployment Risk
No
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2024-09-04

Added to CISA KEV: 2025-03-31 208 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-20439 is a critical security vulnerability affecting the Cisco Smart Licensing Utility (CSLU) [3]. Below is a summary of the known details regarding this flaw.

Vulnerability Overview
  • Nature of Flaw: The vulnerability stems from the presence of an undocumented, static administrative credential within the Cisco Smart Licensing Utility?changeRecordedOn=04/01/2025T18:15:20.950-0400?kagi_q=CVE-2024-20439+details+exploitation+impact+affected+versions.
  • Impact: Successful exploitation allows an unauthenticated, remote attacker to log in to the affected system with administrative privileges over the application's API?changeRecordedOn=04/01/2025T18:15:20.950-0400?kagi_q=CVE-2024-20439+details+exploitation+impact+affected+versions.
  • CVSS Score: It carries a critical CVSSv3.1 score of 9.8 out of 10 [1].
Exploitation and Attack Details
  • Active Exploitation: Cisco confirmed awareness of attempted exploitation of this vulnerability in the wild as of March 2025 [5].
  • Attack Method: The vulnerability is remote and does not require authentication [3]. It can be exploited by targeting the affected API, typically found at `/cslu/v1` [2].
  • Exploitation Requirements:
* The Cisco Smart Licensing Utility must be manually started by a user and actively running for the vulnerability to be exploitable [1]. * It is often chained with another vulnerability, CVE-2024-20440, when targeting instances exposed to the internet [1].
  • PoC Availability: Details regarding the vulnerability, including the static credentials, were publicly disclosed shortly after Cisco's initial advisory, leading to the development of exploit activity and detection templates (e.g., Nuclei templates) [2] [6].
Affected Versions and Mitigation
  • Affected Versions: Cisco Smart Licensing Utility versions 2.0.0, 2.1.0, and 2.2.0 are affected [4].
  • Patch Status: Version 2.3.0 and later are not susceptible to this vulnerability [4]. Users are strongly advised to update to the latest available version to remediate the flaw [1].

Sources

  1. Active Exploitation of Vulnerabilities in Cisco Smart Licensing Utility

    CVE-2024-20439: A static credential vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to ... Both CVE-2024-20439 and CVE-2024-20440 can be chained together to target Cisco Smart Licensing Utility instances exposed to the internet. These vulnerab…

  2. Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 and ...

    A quick search didn’t show any active exploitation, but details, including the backdoor credentials, were published in a blog by Nicholas Starke shortly after Cisco released its advisory [2]. So it is no surprise that we are seeing some exploit activity: The API affected by this vulnerability can be…

  3. Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent...

    Users of Cisco Smart License Utility versions 2.0.0, 2.1.0, and 2.2.0 are advised to update to a fixed release. Version 2.3.0 of the software is not susceptible to the bug. Cisco has also released updates to resolve a command injection vulnerability in its Identity Services Engine (ISE) that could p…

  4. CVE-2024-20439 Detail - NVD

    An attacker could exploit this vulnerability by using the static credentials to login to the affected system. A successful exploit could allow the attacker ... An official website of the United States government Here's how you know ... CVE-2024-20439 Detail. Description. A vulnerability in Cisco Sma…

  5. Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart...

    CVE-2024-20439 (CVSS score: 9.8) - The presence of an undocumented static user credential for an administrative account that an attacker could exploit to log in to an affected system.Cisco, in an update to its bulletin, said it "became aware of attempted exploitation of this vulnerability in the wil…

  6. CVE-2024-20439.yaml - nuclei-templates - GitHub

    An attacker could exploit this vulnerability by using the static credentials to log in to the affected system. A successful exploit could allow the attacker to ...

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed