Is CVE-2024-20439 actively exploited?

CVE-2024-20439 has no public evidence of in-the-wild exploitation as of 2025-10-28.

What is the CVSS score for CVE-2024-20439?

CVE-2024-20439 has a CVSS score of 9.8 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2024-20439?

Patch guidance is available from cisco security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-20439.

Which products are affected by CVE-2024-20439?

1 product: cisco smart license utility.

Fix CVE-2024-20439 - CRITICAL cisco smart license utility

Description

A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to login to the affected system. A successful exploit could allow the attacker to login to the affected system with administrative rights over the CSLU application API.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-912 CWE-798 · Hard-coded Credentials

Metadata

Primary Vendor: CISCO
Published: 9/4/2024
Last Modified: 10/28/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2024-20439

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary