Attackers exploit backdoor in Cisco Smart Licensing Utility

Patch now! Attackers gain admin access to Cisco Smart Licensing Utility.

Cubes with letters spell out "CYBERCRIME"; a finger is turning some letters around to make it "CYBERSECURITY".

(Image: Dmitry Demidovich/Shutterstock.com)


Security researchers report that attackers are currently beginning to exploit two vulnerabilities in Cisco Smart Licensing Utility. This allows them to gain access with admin rights. Security patches have been available for some time.

Given the attack attempts documented by the Internet Storm Center (ISC), admins should update their instances immediately. The "critical" vulnerabilities (CVE-2024-20439, CVE-2024-20440) have been known since the beginning of September 2024. According to the ISC, unknown attackers are now chaining the two vulnerabilities.

Security patches for versions 2.0.0, 2.1.0 and 2.2.0 have also been available since the vulnerabilities became known. According to Cisco, Cisco Smart Licensing Utility 2.3.0 is not vulnerable. Unfortunately, the network equipment supplier does not name the specific patched versions in its advisory on the vulnerabilities.

The first vulnerability is a backdoor: a static password lets attackers gain access with admin rights. The second vulnerability allows attackers to read log files, which may contain access credentials among other things, by sending manipulated HTTPS requests. Attacks are reportedly possible remotely and without authentication.

In a report published shortly after the vulnerabilities became known, a security researcher provides details of the backdoor vulnerability.


So far, Cisco has not updated its advisory to reflect the first documented attack attempts. However, it seems likely that attacks are now on the increase. Accordingly, admins should act quickly and secure their systems against the current attacks.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.