CVE-2024-20439 PoC — Cisco Smart Licensing Utility 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-20439.yaml

Associated Vulnerability

Title:Cisco Smart Licensing Utility 安全漏洞 (CVE-2024-20439)
Description:Cisco Smart Licensing Utility（CSLU）是美国思科（Cisco）公司的一款允许客户从其本地管理许可证和相关产品实例的应用程序。 Cisco Smart Licensing Utility存在安全漏洞，该漏洞源于一个未记录的静态管理员凭证，可能允许未经身份验证的远程攻击者使用该凭证登录到受影响的系统。

Description

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential.This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to log in to the affected system. A successful exploit could allow the attacker to log in to the affected system with administrative privileges over the API of the Cisco Smart Licensing Utility application.

File Snapshot


 id: CVE-2024-20439

info:
  name: Hardcoded Admin Credentials For Cisco Smart Licensing Utility API


...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!