CVE-2024-20440

Опубликовано: 04 сент. 2024

Источник: nvd

CVSS3: 7.5

EPSS Высокий

Описание

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information.

This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API.

Ссылки

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:smart_license_utility:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:smart_license_utility:2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:smart_license_utility:2.2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.77265

Высокий

7.5 High

CVSS3

Дефекты

CWE-532

Связанные уязвимости

GHSA-g9j7-w55p-jq3w

CVSS3: 7.5

github

больше 1 года назад

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API.

BDU:2024-06720

CVSS3: 9.8

fstec