CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Apr 21, 2025
Description
Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacker to log in to an affected system and gain administrative credentials.
EPSS — Exploit Probability
86.3%
Higher than 99.4% of all CVEs
Required Action
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw ; https://nvd.nist.gov/vuln/detail/CVE-2024-20439
Risk Assessment
HIGHIn CISA KEV
High EPSS
Details
- Severity
- High
- EPSS
- 86.3%
- CISA KEV
- Yes
- Ransomware
- Unknown
- Articles
- 0
Timeline
Published
Mar 31, 2025
Added to KEV
Mar 31, 2025
Remediation Due
Apr 21, 2025