Cyber Attackers Target the Critical Vulnerabilities in the Cisco Smart Licensing Utility

Hackers Exploit Cisco’s Smart Licensing Systems as Security Flaws Put Businesses at Risk

Cisco’s Smart Licensing Utility has been breached by the cybercriminals. It is stated that two critical vulnerabilities have been exploited, raising serious cybersecurity concerns for companies heavily relying on Cisco’s software. As per the reports from SANS Internet Storm Center, hackers are trying to take advantage of the flaws despite Cisco addressing the issues in a security update released in September 2024.

The two vulnerabilities found are severe and are rated with a severity score of 9.8, posing a significant risk. The first, CVE-2024-20439, involved an undocumented static user credential, thereby allowing the attackers to log in with administrative access. The second, CVE-2024-20440, routed from an excessively detailed debug log file, has been exploited through a crafted HTTP request, letting hackers obtain credentials and access sensitive API data.

As of March 2025, cyber attackers are trying to exploit these vulnerabilities alongside other security gaps aggressively, including an information disclosure flaw (CVE-2024-0305) in Guangzhou Yingke Electronic Technology’s Ncast. The motives behind this remain unclear, and the perpetrators have yet to be identified.

With active threats impending, cybersecurity experts have stressed the urgent requirement for organizations to apply patches and regularly update their systems to mitigate the potential risk of breaches and data theft.