Two critical security vulnerabilities in Cisco Smart Licensing Utility are being actively targeted by threat actors, according to the SANS Internet Storm Center.
The flaws, CVE-2024-20439 and CVE-2024-20440, both carry a CVSS score of 9.8 and could allow attackers to gain administrative access and extract sensitive credentials through crafted HTTP requests. Successful exploitation would enable unauthorized logins and access to debug log files containing critical data. However, these vulnerabilities are only exploitable when the utility is actively running.
Cisco addressed the security flaws in September 2024 by releasing version 2.3.0, which is not affected by the issues. The vulnerabilities impact earlier versions 2.0.0, 2.1.0, and 2.2.0, making it essential for organizations using these versions to update their systems immediately. Despite the patches, as of March 2025, researchers have detected active exploitation attempts. Johannes B. Ullrich, Dean of Research at the SANS Technology Institute, noted that attackers are also leveraging other vulnerabilities, including an information disclosure flaw (CVE-2024-0305) in Guangzhou Yingke Electronic Technology Ncast.
The motivations behind these attacks and the identities of the threat actors remain unknown. However, given the ongoing exploitation, organizations using Cisco Smart Licensing Utility must promptly apply the necessary patches to safeguard their systems. Failing to do so could leave them vulnerable to unauthorized access and data breaches.
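As an added example (not from the article or from Cisco), a small inventory triage in Python that flags hosts still running a Smart Licensing Utility build below the fixed 2.3.0 release and ranks hosts where the utility is currently running as urgent, since the article notes the flaws are only exploitable while it runs. The host names and inventory are constructed, and the version comparison is numeric so a hypothetical later build such as 2.10.1 is not misranked below 2.3.0.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Fixed release as stated in the article (Cisco advisory for
# CVE-2024-20439 / CVE-2024-20440); builds 2.0.0, 2.1.0 and 2.2.0 are affected.
FIXED_VERSION = "2.3.0"


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.3.0' into (2, 3, 0) so comparison is numeric, not lexical
    (a plain string compare would rank '2.10.1' below '2.3.0')."""
    return tuple(int(part) for part in v.strip().split("."))


def is_vulnerable(version: str) -> bool:
    """True for any CSLU build older than the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


@dataclass
class Host:
    name: str
    cslu_version: str
    cslu_running: bool  # the flaws are only exploitable while the utility runs


def triage(hosts: List[Host]) -> List[Tuple[str, str]]:
    """Return (host, priority) for hosts still on a vulnerable build.
    'urgent' = vulnerable and the utility is running (exposed right now);
    'patch'  = vulnerable but not running (exposed as soon as it starts)."""
    findings = []
    for h in hosts:
        if not is_vulnerable(h.cslu_version):
            continue
        findings.append((h.name, "urgent" if h.cslu_running else "patch"))
    return findings


# Constructed sample inventory, not real hosts; 2.10.1 is a hypothetical later build.
SAMPLE_HOSTS = [
    Host("lic-srv-01", "2.2.0", True),
    Host("lic-srv-02", "2.3.0", True),
    Host("lic-srv-03", "2.0.0", False),
    Host("lic-srv-04", "2.10.1", True),
]

if __name__ == "__main__":
    for name, prio in triage(SAMPLE_HOSTS):
        print(f"{name}: {prio}")
```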