{"uuid": "e49e5ff3-cc60-4b0f-b772-473ad67c3c8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "name": "Cisco Smart Licensing Utility", "description": "Two critical vulnerabilities in Cisco's Smart Licensing Utility allow remote, unauthenticated attackers to gain privileges or access sensitive data.\n\nVulnerabilities:\n\n* CVE-2024-20439 (CVSS: 9.8): An undocumented static admin account can be exploited to access affected systems. \n* CVE-2024-20440 (CVSS: 7.5): An overly verbose debug log can be exploited via a crafted HTTP request, exposing API credentials.\n\n\u26a0\ufe0f These issues are only exploitable if the licensing utility is actively running.\nCisco strongly advises updating systems to mitigate these threats.", "creation_timestamp": "2024-09-05T09:27:20.424936+00:00", "timestamp": "2024-09-05T15:32:24.185197+00:00", "related_vulnerabilities": ["CVE-2024-20440", "CVE-2024-20439"], "author": {"login": "gally", "name": "Jean-Louis Huynen", "uuid": "8ef3179e-6ae2-42ba-9d27-75d713d75f20"}}