CVE-2024-20440

2024-09-0417:15:13

CWE-532

[email protected]

web.nvd.nist.gov

cisco

smart licensing utility

vulnerability

debug log

excessive verbosity

http request

sensitive data

credentials

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

22.2%

JSON

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information.

This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API.

Affected configurations

Nvd

Node

ciscosmart_license_utilityMatch2.0.0

ciscosmart_license_utilityMatch2.1.0

ciscosmart_license_utilityMatch2.2.0

VendorProductVersionCPE
ciscosmart_license_utility2.0.0cpe:2.3:a:cisco:smart_license_utility:2.0.0:*:*:*:*:*:*:*
ciscosmart_license_utility2.1.0cpe:2.3:a:cisco:smart_license_utility:2.1.0:*:*:*:*:*:*:*
ciscosmart_license_utility2.2.0cpe:2.3:a:cisco:smart_license_utility:2.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	smart_license_utility	2.0.0	cpe:2.3:a:cisco:smart_license_utility:2.0.0:::::::*
cisco	smart_license_utility	2.1.0	cpe:2.3:a:cisco:smart_license_utility:2.1.0:::::::*
cisco	smart_license_utility	2.2.0	cpe:2.3:a:cisco:smart_license_utility:2.2.0:::::::*