Threat actors have been ramping up intrusions leveraging a pair of critical Cisco Smart Licensing Utility vulnerabilities patched in September over the past week, Cybersecurity Dive reports.
Exploitation of the the static credential flaw, tracked as CVE-2024-20439, through the use of simple fixed passwords could facilitate the compromise of a log file exposed by the information disclosure bug, tracked as CVE-2024-20440, and eventual access of targeted devices, according to SANS Internet Storm Center's Johannes Ullrich, who remains uncertain of the success of the attempted exploitation.
Malicious activity has been associated with a botnet with at least 10 bots facilitating scanning and attacks. "In addition to the Cisco vulnerabilities, this botnet also scans for exposed secrets," said Ullrich. "For example backup files like /backup.gz that are sometimes left behind by careless administrators. The bots that are part of this botnet have been scanning for a variety of vulnerabilities for a few weeks now."
