Skip to main content

Advisories address two critical vulnerabilities in Smart Licensing Utility and one medium vulnerability in Identity Service Engine

Threat ID:CC-4543
Threat Severity:Medium
Published:6 September 2024 12:20 PM

Summary

Advisories address two critical vulnerabilities in Smart Licensing Utility and one medium vulnerability in Identity Service Engine

Affected platforms

The following platforms are known to be affected:

Cisco ISE
Cisco Smart Software ManagerCisco Smart Licensing Utility

Note: Cisco has confirmed that these vulnerabilities do not affect the following Cisco products:
  • Smart Software Manager On-Prem
  • Smart Software Manager Satellite

Threat details

Proof-of-concept exploit code for CVE-2024-20469

Cisco has stated they are aware of of the existence of proof-of-concept exploit code for CVE-2024-20469. Exploitation is considered more likely.


Introduction

Cisco has released a security advisory relating to two critical severity vulnerabilities in Smart Licensing Utility. Cisco Smart License Utility (CSLU) is an application that enables customers to administer licenses and their associated Product Instances from their premises instead of having to directly connect their Smart Licensed enabled Product Instances to Cisco Smart Software Manager (CSSM).

  • CVE-2024-20439 has a CVSSv3 score of 9.8 and could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential. 
  • CVE-2024-20440 has a CVSSv3 score of 9.8 and could allow an unauthenticated, remote attacker to access sensitive information.  

Cisco has also released an advisory regarding a command injection vulnerability affecting Identity Services Engine. Identity Services Engine is a security policy management platform that provides secure network access to end users and devices.

  • CVE-2024-20469 has a CVSSv3 score of 6.0 and could allow an authenticated, local attacker to perform command injection attacks on the underlying operating systems and escalate privileges to root. To exploit this vulnerability, the attacker must have valid administrator privileges.

Remediation advice

Affected organisations are encouraged to review the Cisco Security Advisories page and apply the relevant updates detailed in the advisories below. 

Remediation steps

   
Patch

Cisco Smart Licensing Utility Vulnerabilities | cisco-sa-cslu-7gHMzWmw


https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw
Patch

Cisco Identity Services Engine Command Injection Vulnerability | cisco-sa-ise-injection-6kn9tSxm


https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-6kn9tSxm

Definitive source of threat updates

CVE Vulnerabilities

StatusPublished
CVE-2024-20439A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to log in to the affected system. A successful exploit could allow the attacker to log in to the affected system with administrative privileges over the API of the Cisco Smart Licensing Utility application.
StatusPublished
CVE-2024-20440A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API.
StatusPublished
CVE-2024-20469A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have valid Administrator privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.

Last edited: 6 September 2024 12:20 pm

Back to top