CVE-2024-20439

CVE Database · CVE-2024-20439

CVE-2024-20439

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

92.01%

Published

Sep 4, 2024

Modified

Oct 28, 2025

CISA Known Exploited Vulnerability

Added: 2025-03-31 · Due: 2025-04-21

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (2)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to login to the affected system. A successful exploit could allow the attacker to login to the affected system with administrative rights over the CSLU application API.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-912CWE-798

Affected Products (1)

cisco · smart_license_utility (up to 2.3.0)vulnerable

References (2)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-20439

US Government Resource

KEV Catalog EPSS Scores Vendors All CVEs