CVE-2024-20440 HIGH

CVE-2024-20440

Vendor Cisco
Product Cisco Smart License Utility
Weakness CWE-532 · Sensitive info in logs
Published September 4, 2024
Last update April 1, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API.

Key dates

02Disclosure timeline

September 4, 2024 CVE published
April 1, 2025 Record updated