Cisco smart licensing system sees critical security flaws exploited


  • Security researchers claim two Cisco Smart Licensing Utility bugs are being abused in the wild
  • One of the bugs is a hardcoded admin account
  • Both bugs were fixed in 2024, so users should update now

Cybercriminals are abusing two vulnerabilities found in Cisco Smart Licensing Utility (CSLU) to unknown ends.

Johannes Ullrich, Dean of Research at the SANS Technology Institute, noted threat actors are now chaining the two security flaws to target internet-exposed CSLU instances.

"A quick search didn't show any active exploitation at the time, but details, including the backdoor credentials, were published in a blog by Nicholas Starke shortly after Cisco released its advisory. So it is no surprise that we are seeing some exploit activity," Ullrich said.

No workarounds

CSLU is a tool that helps organizations manage and report the usage of Cisco software licenses in a more flexible and automated way.

It enables devices to connect to Cisco's Smart Licensing system, either directly or through an on-premises satellite server, to register and track entitlements without requiring constant internet access.

In September 2024, Cisco announced a patch for CVE-2024-20439, described as an “undocumented static user credential for an administrative account”, which is a fancy way of saying someone left hardcoded admin credentials in the back end.

The vulnerability allowed threat actors to log into vulnerable systems remotely, over the API or the CSLU app.

At the same time, Cisco addressed CVE-2024-20440, an information disclosure vulnerability that threat actors used to access log files with sensitive information such as API credentials.

Abusing these flaws isn’t that straightforward, BleepingComputer notes, since it requires the victim to run the CSLU app in the background, which isn’t its default setting.

In any case, both vulnerabilities were patched, and there are no workarounds, so the only way to secure your instances is to apply the patch.

In the security advisory for the flaws, Cisco said it was “not aware” of any public announcements or malicious use, meaning the pages have not yet been updated.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
