cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-20439,https://securityvulnerability.io/vulnerability/CVE-2024-20439,Unauthenticated Remote Attackers Can Log in to Cisco Systems with Administrative Privileges,"A significant vulnerability exists in the Cisco Smart Licensing Utility due to the presence of an undocumented static user credential for an administrative account. This flaw allows an attacker to remotely log into an affected system without authentication, by utilizing these static credentials. Once inside, the attacker gains administrative privileges through the API of the application, potentially compromising the system's integrity and security. Organizations utilizing this software are urged to assess their security measures and implement necessary patches as detailed in the security advisory.",Cisco,Cisco Smart License Utility,9.8,CRITICAL,0.168830007314682,false,,false,false,true,2024-09-06T04:15:03.000Z,,false,false,,2024-09-04T17:15:00.000Z,0
CVE-2024-20440,https://securityvulnerability.io/vulnerability/CVE-2024-20440,Cisco Smart Licensing Utility Information Disclosure Vulnerability,"A vulnerability exists in the Cisco Smart Licensing Utility that allows remote attackers to access sensitive information via excessive verbosity in a debug log file. By sending a specially crafted HTTP request to the affected device, an unauthenticated attacker can exploit this issue to extract log files containing sensitive data, including credentials that could be exploited for unauthorized API access. Organizations using the affected versions should assess their exposure and consider implementing mitigations to prevent the unauthorized disclosure of sensitive information.",Cisco,Cisco Smart License Utility,7.5,HIGH,0.0565899983048439,false,,false,false,true,2024-09-06T04:15:03.000Z,,false,false,,2024-09-04T17:15:00.000Z,0