CVE-2024-20439
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to login to the affected system. A successful exploit could allow the attacker to login to the affected system with administrative rights over the CSLU application API.
| CWE | CWE-912 |
| Vendor | cisco |
| Product | cisco smart license utility |
| Ecosystems | |
| Industries | NetworkingTelecommunications |
| Published | Sep 4, 2024 |
| Last Updated | Oct 21, 2025 |
โ ๏ธ Actively Exploited โ Act Now
Get instant alerts for cisco cisco smart license utility
This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2024-20439.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Cisco / Cisco Smart License Utility
2.1.0 2.0.0 2.2.0