CVE-2024-20439 |
🚨 Marked as known exploited on April 10th, 2025 (7 days ago).
Description: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CVSS: CRITICAL (9.8) EPSS Score: 89.39%
March 31st, 2025 (17 days ago)
|
CVE-2024-20439 |
🚨 Marked as known exploited on March 21st, 2025 (28 days ago).
Description: A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential.
This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to log in to the affected system. A successful exploit could allow the attacker to log in to the affected system with administrative privileges over the API of the Cisco Smart Licensing Utility application.
CVSS: CRITICAL (9.8) EPSS Score: 89.39% SSVC Exploitation: active
March 28th, 2025 (21 days ago)
|
🚨 Marked as known exploited on April 10th, 2025 (7 days ago).
Description: Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center.
The two critical-rated vulnerabilities in question are listed below -
CVE-2024-20439 (CVSS score: 9.8) - The presence of an undocumented static user credential for an administrative account that an attacker could exploit to log in to an
CVSS: CRITICAL (9.8) EPSS Score: 89.39%
March 21st, 2025 (28 days ago)
|
🚨 Marked as known exploited on April 10th, 2025 (7 days ago).
Description: CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems. [...]
March 3rd, 2025 (about 2 months ago)
|