Cisco patched two critical vulnerabilities (CVE-2024-20439 and CVE-2024-20440) in its Smart Licensing Utility. These vulnerabilities allowed attackers to exploit hardcoded admin credentials and access debug logs with sensitive information. Another vulnerability (CVE-2024-20469) in the Cisco Identity Services Engine (ISE) allowed local privilege escalation.
Scope
These vulnerabilities posed a severe risk, with a CVSS score of 9.8, potentially allowing attackers to gain remote access and elevated privileges in enterprise environments.
Recommendations
Organizations using Cisco products should immediately upgrade to the latest patched versions and ensure regular software updates are applied. Continuous vulnerability scanning is also advised to prevent exploitation of such critical flaws.
Labels:
News
