CVE-2024-20440

CVE Database · CVE-2024-20440

CVE-2024-20440

· HIGHAnalyzed

CVSS v3.1

7.5

EPSS

51.47%

Published

Sep 4, 2024

Modified

Sep 19, 2024

Public PoC / Exploit (2)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-532CWE-532

Affected Products (3)

cisco · smart_license_utilityvulnerable

References (1)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs