Critical Security Updates for Cisco Smart Licensing Utility & Veeam Products

Cisco and Veeam have recently issued critical security updates for major products, including Cisco Smart Licensing Utility and Veeam Backup & Replication. These vulnerabilities, bearing high severity, pose serious risks to enterprise systems, potentially enabling unauthorized access and remote code execution.

Cisco Addresses Critical Vulnerabilities in Smart Licensing Utility (CVE-2024-20439 and CVE-2024-20440)

On September 4, 2024, Cisco released advisories detailing six security vulnerabilities, two of which are rated critical and one high severity.

The critical vulnerabilities, identified as CVE-2024-20439 and CVE-2024-20440, stand out for their potential impact on Cisco Smart Licensing Utility, with the possibility of allowing unauthenticated remote attackers to access sensitive information or gain control over licensing services.

While both vulnerabilities are serious, Cisco has clarified that they are independent of one another, meaning that exploiting one does not necessitate the exploitation of the other.

Here’s a breakdown of these critical vulnerabilities:

CVE-2024-20439 (CVSS: 9.8):

This vulnerability allows an unauthenticated, remote attacker to gain administrative access to the affected system by using a static credential.

The flaw stems from an undocumented administrative account in the system, giving attackers a direct route to log in and manage Cisco Smart Licensing Utility services through its API.

Successful exploitation grants attackers administrative privileges, putting the system’s core services at risk of unauthorized control.

CVE-2024-20440 (CVSS: 9.8):

The second critical flaw is an information disclosure vulnerability caused by overly verbose logging in a debug log file. Attackers could exploit this by sending a specially crafted HTTP request, retrieving sensitive log files containing credentials that can be used to further access the API and the system.

According to the Cisco advisory, the vulnerability has a CVSS base score of 9.8, although NVD lists it as 7.5 at the time of writing.

Both vulnerabilities pose serious risks to organizations using affected versions of Cisco Smart Licensing Utility, underlining the importance of implementing security patches immediately.

Which Versions of Cisco Smart Licensing Utility Are Affected?

The identified vulnerabilities affect Cisco Smart Licensing Utility (SLU) versions 2.0.0, 2.1.0, and 2.2.0.

Moreover, the flaws only pose a risk when Cisco SLU is active on the system, as stated in Cisco’s official advisory, and systems running version 2.3.0 are unaffected.

Since there are no available workarounds, Cisco strongly advises organizations using older versions to promptly upgrade to the fixed release.

For more details, you can visit Cisco’s official security advisory here.

High-Severity Vulnerability in Cisco Meraki Systems Manager Agent (CVE-2024-20430)

Cisco has also addressed a high-severity vulnerability (CVE-2024-20430, CVSS: 7.3) in the Cisco Meraki Systems Manager (SM) Agent for Windows. While not as critical as the previously mentioned vulnerabilities, it poses a serious risk as it could allow attackers to escalate privileges on affected systems.

The vulnerability is caused by the improper handling of directory search paths during runtime, and could allow an authenticated, low-privileged attacker to install malicious configuration and DLL files on the system.

Once the Cisco Meraki SM Agent is launched, the malicious files will be read and executed, allowing the attacker to run arbitrary code with SYSTEM-level access.

Cisco notes that this vulnerability does not affect Cisco Meraki SM Agent for Mac. For more information, visit the official advisory.

Stay informed on the latest vulnerabilities with SOCRadar’s Vulnerability Intelligence module, which allows you to monitor CVEs, understand exploitation trends, and act swiftly to protect your systems from emerging threats.

Critical Vulnerabilities Addressed in Veeam’s September 2024 Security Bulletin

Veeam, a leading provider of backup and cloud solutions, has released its September 2024 Security Bulletin, addressing several critical vulnerabilities across its product line.

This month’s critical security patches were delivered to Veeam Backup & Replication, Veeam Agent for Linux, Veeam ONE, Veeam Service Provider Console, Veeam Backup for Nutanix AHV, and Oracle Linux Virtualization Manager.

Critical RCE in Veeam Backup & Replication: CVE-2024-40711

One of the most critical vulnerabilities is CVE-2024-40711, an unauthenticated Remote Code Execution (RCE) flaw in Veeam Backup & Replication, carrying a CVSS score of 9.8. The vulnerability affects Veeam Backup & Replication 12.1.2.172 and all previous version 12 builds.

Unpatched versions of the Veeam Backup & Replication software are also affected by several other high-risk vulnerabilities, including MFA bypass and credential interception issues, making it vital for organizations to update their systems immediately.

Other critical vulnerabilities in Veeam’s September 2024 updates are outlined below.

Veeam Service Provider Console

Versions Affected: 8.1.0.21377 and all earlier version 8 builds

• CVE-2024-38650 (CVSS: 9.9): This critical vulnerability allows low-privileged attackers to access the NTLM hash of the service account on the VSPC server.
• CVE-2024-39714 (CVSS: 9.9): A vulnerability that permits arbitrary file uploads on VSPC servers, leading to Remote Code Execution (RCE).

Veeam ONE

Versions Affected: 12.1.0.3208 and all earlier version 12 builds

• CVE-2024-42024 (CVSS: 9.1): This vulnerability enables Remote Code Execution (RCE) for attackers in possession of Veeam ONE Agent service account credentials.
• CVE-2024-42019 (CVSS: 9.0): A flaw allowing attackers to access the NTLM hash of the Veeam Reporter Service service account, requiring user interaction and data collected from Veeam Backup & Replication.

How to Address Veeam Vulnerabilities

These vulnerabilities present a serious threat to the security of critical data. Organizations utilizing Veeam products should take immediate action by updating to the following secure builds:

• Veeam Backup & Replication: Version 12.2 build 12.2.0.334
• Veeam ONE: Version 12.2 build 12.2.0.4093
• Veeam Service Provider Console: Version 8.1 build 8.1.0.21377

For a full list of vulnerabilities and further updates, refer to Veeam’s September 2024 Security Bulletinhere.

Ensure rapid response to newly discovered vulnerabilities with SOCRadar’s Attack Surface Management (ASM)module.

ASM helps safeguard your digital assets by delivering real-time threat alerts, enabling you to take preemptive action and strengthen your cybersecurity defenses.