Category: IT|Sep 4, 2024 | Author: Admin

Cisco warns of backdoor admin account in Smart Licensing Utility


Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges.


CSLU is a Windows application that helps manage licenses and linked products on-premises without connecting them to Cisco's cloud-based Smart Software Manager solution.

The company says this critical vulnerability (CVE-2024-20439) allows unauthenticated attackers to log into unpatched systems remotely using an "undocumented static user credential for an administrative account."

"A successful exploit could allow the attacker to log in to the affected system with administrative privileges over the API of the Cisco Smart Licensing Utility application," it explained.

Cisco also released security updates for a critical CSLU information disclosure vulnerability (CVE-2024-20440) that unauthenticated threat actors can exploit to access log files containing sensitive data (including API credentials) by sending crafted HTTP requests to affected devices.

The two security vulnerabilities only impact systems running a vulnerable Cisco Smart Licensing Utility release, regardless of their software configuration. The security flaws are only exploitable if a user starts the Cisco Smart Licensing Utility, which is not designed to run in the background.

Cisco Smart License Utility Release
