CVE-2024-20440 PoC — Cisco Smart Licensing Utility 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-20440.yaml

Associated Vulnerability

Title:Cisco Smart Licensing Utility 安全漏洞 (CVE-2024-20440)
Description:Cisco Smart Licensing Utility（CSLU）是美国思科（Cisco）公司的一款允许客户从其本地管理许可证和相关产品实例的应用程序。 Cisco Smart Licensing Utility存在安全漏洞，该漏洞源于调试日志文件中的过度详细记录。可能允许未经身份验证的远程攻击者通过发送特制的HTTP请求来获取包含敏感数据的日志文件，包括可用于访问API的凭据。

Description

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information.This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API.

File Snapshot


 id: CVE-2024-20440

info:
  name: Cisco Smart Licensing Utility UnAuthenticated Logs Exposure Leakin

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!