{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-20440","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","dateReserved":"2023-11-08T15:08:07.676Z","datePublished":"2024-09-04T16:28:49.040Z","dateUpdated":"2025-04-01T21:47:09.128Z"},"containers":{"cna":{"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2025-04-01T21:47:09.128Z"},"descriptions":[{"lang":"en","value":"A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information.\r\n\r\nThis vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API."}],"affected":[{"vendor":"Cisco","product":"Cisco Smart License Utility","versions":[{"version":"2.1.0","status":"affected"},{"version":"2.0.0","status":"affected"},{"version":"2.2.0","status":"affected"}]}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Insertion of Sensitive Information into Log File","type":"cwe","cweId":"CWE-532"}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw","name":"cisco-sa-cslu-7gHMzWmw"}],"metrics":[{"format":"cvssV3_1","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"exploits":[{"lang":"en","value":"In March 2025, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of this vulnerability in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability."}],"source":{"advisory":"cisco-sa-cslu-7gHMzWmw","discovery":"INTERNAL","defects":["CSCwi47950"]}},"adp":[{"affected":[{"vendor":"cisco","product":"cisco_smart_license_utility","cpes":["cpe:2.3:a:cisco:cisco_smart_license_utility:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"2.1.0","status":"affected"},{"version":"2.0.0","status":"affected"},{"version":"2.2.0","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-05T00:00:00+00:00","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3","id":"CVE-2024-20440"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-06T03:55:17.035Z"}}]}}