Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges.
CSLU is a Windows application that helps manage licenses and linked products on-premises without connecting them to Cisco's cloud-based Smart Software Manager solution.
The company says this critical vulnerability (CVE-2024-20439) allows unauthenticated attackers to log into unpatched systems remotely using an "undocumented static user credential for an administrative account."
"A successful exploit could allow the attacker to log in to the affected system with administrative privileges over the API of the Cisco Smart Licensing Utility application," it explained.
Cisco also released security updates for a critical CSLU information disclosure vulnerability (CVE-2024-20440) that unauthenticated threat actors can exploit to access log files containing sensitive data (including API credentials) by sending crafted HTTP requests to affected devices.
The two security vulnerabilities only affect systems running a vulnerable Cisco Smart Licensing Utility release, regardless of their software configuration. The flaws are only exploitable if a user starts the Cisco Smart Licensing Utility, which is not designed to run in the background.
| Cisco Smart Licensing Utility Release | First Fixed Release |
|---|---|
| 2.0.0 | Migrate to a fixed release. |
| 2.1.0 | Migrate to a fixed release. |
| 2.2.0 | Migrate to a fixed release. |
| 2.3.0 | Not vulnerable. |
The Cisco Product Security Incident Response Team (PSIRT) says it has yet to find public exploits or evidence of threat actors exploiting the security flaws in attacks.
This is not the first backdoor account Cisco has removed from its products in recent years. Previous undocumented hardcoded credentials have been found in the company's Digital Network Architecture (DNA) Center, IOS XE, and Wide Area Application Services (WAAS) software.
Last month, Cisco also patched a maximum-severity vulnerability (CVE-2024-20419) that allows attackers to change any user's password on unpatched Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers. Three weeks later, the company said that exploit code had been published online and warned admins to patch their SSM On-Prem servers to block potential attacks.
In July, Cisco fixed an NX-OS zero-day (CVE-2024-20399) that had been exploited since April to install previously unknown malware as root on vulnerable MDS and Nexus switches.
Cisco also warned in April that state-backed hackers (tracked as UAT4356 and STORM-1849) exploited two other zero-day bugs (CVE-2024-20353 and CVE-2024-20359) to breach government networks worldwide.