CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-20440

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.822

EPSS Ranking 99.2%

CVSS Severity

CVSS v3 Score 7.5

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw

Products affected by CVE-2024-20440

Cisco » Smart License Utility » Version: 2.0.0

cpe:2.3:a:cisco:smart_license_utility:2.0.0
Cisco » Smart License Utility » Version: 2.1.0

cpe:2.3:a:cisco:smart_license_utility:2.1.0
Cisco » Smart License Utility » Version: 2.2.0

cpe:2.3:a:cisco:smart_license_utility:2.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-20440

Products

Pricing

Contact Us