Cyber Resilience

CVE-2024-20439

Severity: Critical · CISA KEV · Active Exploitation · EUVD Exploited

Published: 04 September 2024
Modified: 28 October 2025
KEV Added: 31 March 2025
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.8715 (99.5th percentile)
Risk Priority: 92 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-20439 is a critical-severity Hidden Functionality (CWE-912) vulnerability in Cisco Smart License Utility. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.5% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-5 (Authenticator Management).

Deeper analysis

CVE-2024-20439 is a vulnerability in Cisco Smart Licensing Utility (CSLU) stemming from an undocumented static administrative credential. The flaw, tracked under CWE-798 and CWE-912, permits unauthenticated remote access to the CSLU application API with full administrative privileges and carries a CVSS 3.1 score of 9.8.

An unauthenticated remote attacker can exploit the hardcoded credential to log directly into an affected CSLU instance. Successful exploitation grants administrative control over the licensing utility's API, enabling arbitrary actions within the application without any user interaction or prior authentication.

The Cisco Security Advisory at sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw and the CISA Known Exploited Vulnerabilities catalog both address the issue, with CISA listing the CVE as actively exploited in the wild. The associated EPSS score stands at 0.8715, indicating substantial exploitation likelihood.

Vulnerability details

A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account.

An attacker could exploit this vulnerability by using the static credentials to log in to the affected system. A successful exploit could allow the attacker to log in to the affected system with administrative rights over the CSLU application API.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Cisco Smart License Utility, versions 2.0.0 through 2.3.0

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly requires management of authenticators to prohibit undocumented static credentials such as the hardcoded administrative account in CSLU.

Prevent: Enforces approved access mechanisms so that the static credential cannot be used to obtain unauthorized administrative API access.

Prevent: Requires formal account management processes that would detect and eliminate the undocumented static administrative account before deployment.