Cisco Smart Licensing Utility

Created on 2024-09-05 09:27, updated on 2024-09-05 15:32, by Jean-Louis Huynen

Description

Two critical vulnerabilities in Cisco's Smart Licensing Utility allow remote, unauthenticated attackers to gain privileges or access sensitive data.

Vulnerabilities:

  • CVE-2024-20439 (CVSS: 9.8): An undocumented static admin account can be exploited to access affected systems.
  • CVE-2024-20440 (CVSS: 7.5): An overly verbose debug log can be exploited via a crafted HTTP request, exposing API credentials.

⚠️ These issues are only exploitable if the licensing utility is actively running. Cisco strongly advises updating systems to mitigate these threats.

