VDB
CVE-2024-20440
CVE-2024-20440
PUBLISHED
CVSS 7.5 HIGH
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API.
EPSS 78.37% · 99.0th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
78.37%
99.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | smart_license_utility | 2.0.0, 2.1.0, 2.2.0 |
| cisco | cisco_smart_license_utility | 2.1.0, 2.0.0, 2.2.0 |
| Cisco | Cisco Smart License Utility | 2.0.0, 2.1.0, 2.2.0 |
Exploit Intelligence
- CIRCL seen: CVE-2024-20440 (circl-sighting)
- CIRCL exploited: CVE-2024-20440 (circl-sighting)
- CIRCL seen: CVE-2024-20440 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2024-20440 (circl-sighting)
- CIRCL seen: CVE-2024-20440 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2024-20440 (circl-sighting)
- CIRCL exploited: CVE-2024-20440 (circl-sighting)
- CIRCL seen: CVE-2024-20440 (circl-sighting)
- CIRCL seen: CVE-2024-20440 (circl-sighting)
- CIRCL seen: CVE-2024-20440 (circl-sighting)
…and 113 more exploits
Timeline
- Jan 20, 1970 CrowdSec Sighting
- Jan 20, 1970 CrowdSec Sighting
- Jan 20, 1970 CrowdSec Sighting
- Jan 20, 1970 CrowdSec Sighting
- Jan 20, 1970 CrowdSec Sighting
- Jan 20, 1970 Nuclei Template
- Jan 20, 1970 Fix Commit
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting