Attackers can slip into Cisco Smart Licensing Utility through a backdoor

Important security updates have been released for several products from network equipment supplier Cisco.


Vulnerabilities threaten Cisco devices.

(Image: created with AI in Bing Designer by heise online / dmk)


Several vulnerabilities make attacks on Cisco Expressway Edge, Duo Epic for Hyperdrive, Identity Services Engine, Meraki Systems Manager and Smart Licensing Utility conceivable. Security patches provide a remedy; admins can find the patched versions in the advisories linked below this article.

Smart Licensing Utility is threatened by two "critical" vulnerabilities (CVE-2024-20439, CVE-2024-20440). In the first case, a remote attacker can log in to instances without authenticating, using static administrative credentials built into the software. With the rights of that account, an attacker gains full control.


In the second case, an attacker can read credentials by sending crafted HTTP requests and use them to move further into the environment.

Due to a vulnerability (CVE-2024-20430, "high"), Meraki Systems Manager Agent for Windows can be made to load a DLL file prepared with malicious code that a low-privileged local attacker has planted. If such an attack succeeds, the attacker can execute malicious code with system rights.
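As an added example (not from the heise article and not Cisco's code), the following PowerShell script performs the generic check a practitioner would run after reading about a DLL-loading issue of this kind: it takes an application directory and the machine-wide PATH, which is what a service running as SYSTEM searches, and reports every directory on that search path that members of Users, Authenticated Users or Everyone may write to. A DLL loaded by name from such a directory can be planted by any local user. The application path in the parameter is an assumption; replace it with the install directory of the agent you are auditing.

```powershell
# Added example: generic DLL search-path exposure check (not specific to any product).
param(
    # Assumed, hypothetical install directory; adjust to the application under review.
    [string]$AppDir = 'C:\Program Files\ExampleVendor\ExampleAgent'
)

# Well-known SIDs of low-privileged principals; a write ACE for any of these
# means a non-admin user can drop files into the directory.
$lowPrivSids = @(
    'S-1-5-32-545',   # BUILTIN\Users
    'S-1-5-11',       # NT AUTHORITY\Authenticated Users
    'S-1-1-0'         # Everyone
)

function Test-LowPrivWritable {
    param([string]$Dir)
    try { $acl = Get-Acl -LiteralPath $Dir -ErrorAction Stop } catch { return $null }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # unresolvable (orphaned) SID: skip
        if ($lowPrivSids -notcontains $sid) { continue }
        $rights = $ace.FileSystemRights
        # WriteData (= CreateFiles), Modify and FullControl all allow placing a DLL.
        if (($rights -band [System.Security.AccessControl.FileSystemRights]::WriteData) -or
            ($rights -band [System.Security.AccessControl.FileSystemRights]::Modify) -or
            ($rights -band [System.Security.AccessControl.FileSystemRights]::FullControl)) {
            return "$($ace.IdentityReference) : $rights"
        }
    }
    return $null
}

# Search order: application directory first, then the machine PATH (the PATH a
# SYSTEM service sees, not the current user's PATH).
$machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine')
$candidates = @($AppDir) + ($machinePath -split ';' | Where-Object { $_.Trim() -ne '' })

$findings = foreach ($dir in $candidates | Select-Object -Unique) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # A missing directory on PATH is itself a hijack opportunity if a low-privileged
        # user can create it; flag it for manual review of the parent directory.
        [pscustomobject]@{ Directory = $dir; Status = 'MISSING (check parent ACL)'; Grant = '' }
        continue
    }
    $grant = Test-LowPrivWritable -Dir $dir
    if ($grant) {
        [pscustomobject]@{ Directory = $dir; Status = 'WRITABLE by low-priv user'; Grant = $grant }
    }
}

if ($findings) { $findings | Format-Table -AutoSize } else { 'No low-privileged write access found on the search path.' }
```

Run it from an elevated prompt so that every directory's ACL can be read; a hit on the application directory itself is far more serious than one on a trailing PATH entry, because the application directory is searched first.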

Exploit code is already circulating for the vulnerability (CVE-2024-20469, "medium") in Identity Services Engine. There is currently no evidence of attacks in progress. An attacker also needs administrative rights on the system to begin with in order to escalate to root.

If an attacker successfully exploits the remaining gaps, they can view sensitive information in plain text in Duo Epic for Hyperdrive (CVE-2024-20503, "medium"). With Expressway Edge, an attacker can, among other things, interrupt calls (CVE-2024-20497, "medium").

List sorted by threat level in descending order:

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.