Cisco smart licensing system sees critical security flaws exploited

Two vulnerabilities are being abused in the wild, experts warn

21 Mar 2025, 15:08 · TechRadar

News By Sead Fadilpašić published 21 March 2025

(Image credit: Shutterstock)

Security researchers claim two Cisco Smart Licensing Utility bugs are being abused in the wild
One of the bugs is a hardcoded admin account
Both bugs were fixed in 2024, so users should update now

Cybercriminals are abusing two vulnerabilities found in Cisco Smart Licensing Utility (CSLU) to unknown ends.

Johannes Ullrich, Dean of Research at the SANS Technology Institute, noted threat actors are now chaining the two security flaws to target internet-exposed CSLU instances.

"A quick search didn't show any active exploitation at the time, but details, including the backdoor credentials, were published in a blog by Nicholas Starke shortly after Cisco released its advisory. So it is no surprise that we are seeing some exploit activity," Ullrich said.

No workarounds

CSLU is a tool that helps organizations manage and report the usage of Cisco software licenses in a more flexible and automated way.

It enables devices to connect to Cisco's Smart Licensing system, either directly or through an on-premises satellite server, to register and track entitlements without requiring constant internet access.

In September 2024, Cisco announced patching CVE-2024-20439, “undocumented static user credential for an administrative account”, which is a fancy way of saying someone left hardcoded admin credentials in the back end.

The vulnerability allowed threat actors to log into vulnerable systems remotely, over the API or the CSLU app.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors