Cisco fixed two critical vulnerabilities (CVE-2024-20439, CVE-2024-20440) in its Smart Licensing Utility that allow remote attackers to gain admin access or steal data. The issues affect versions 2.0.0-2.2.0 but are resolved in 2.3.0. A separate command injection flaw in Cisco ISE (CVE-2024-20469) allows local privilege escalation, affecting ISE 3.2 and 3.3. Updates are advised.
https://thehackernews.com/2024/09/cisco-fixes-two-critical-flaws-in-smart.html
crack-vault.de
#crackvault