ET WEB_SPECIFIC_APPS Cisco Smart Licensing Utility API Hardcoded Admin Credentials (CVE-2024-20439)

SID: 2056147Rev: 137 views

Sourceet/open

CreatedSeptember 24, 2024

UpdatedSeptember 24, 2024

Classificationattempted-admin

alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Cisco Smart Licensing Utility API Hardcoded Admin Credentials (CVE-2024-20439)"; flow:established,to_server; http.uri; content:"/cslu/"; startswith; http.header; content:"Authorization|3a 20|Basic|20|Y3NsdS13aW5kb3dzLWNsaWVudDpMaWJyYXJ5NEMkTFU="; fast_pattern; reference:url,github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-20439.yaml; reference:cve,2024-20439; classtype:attempted-admin; sid:2056147; rev:1; metadata:affected_product Cisco_Smart_Licensing, attack_target Server, tls_state TLSDecrypt, created_at 2024_09_24, cve CVE_2024_20439, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_09_24, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1078, mitre_technique_name Valid_Accounts;)

References

url	github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-20439.yaml
cve	2024-20439

Metadata

affected productCisco_Smart_Licensing

attack targetServer

tls stateTLSDecrypt

created at2024_09_24

cveCVE-2024-20439

deploymentSSLDecrypt

performance impactLow

confidenceHigh

signature severityMajor

updated at2024_09_24

mitre tactic idTA0001

mitre tactic nameInitial_Access

mitre technique idT1078

mitre technique nameValid_Accounts

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!