CVE-2024-20440

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Sep 4, 2024
Updated: Sep 5, 2024
CWE ID 532

Summary

CVE-2024-20440 is a high-severity vulnerability affecting Cisco Smart Licensing Utility that allows unauthenticated remote attackers to access sensitive information through excessive verbosity in a debug log file. Exploitation occurs when an attacker sends a crafted HTTP request to the affected device, potentially exposing log files containing critical data, including API credentials. The exploit has a low attack complexity and does not require user interaction or special privileges, leading to a confidentiality impact rated as high. Organizations are advised to remediate this vulnerability by applying relevant security patches provided by Cisco, as outlined in their security advisory. Failure to address this issue could lead to unauthorized access and significant risks related to data exposure.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share