CVE-2024-20440

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API.

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API.

Una vulnerabilidad en Cisco Smart Licensing Utility podría permitir que un atacante remoto no autenticado acceda a información confidencial. Esta vulnerabilidad se debe a un exceso de verbosidad en un archivo de registro de depuración. Un atacante podría aprovechar esta vulnerabilidad enviando una solicitud HTTP manipulada a un dispositivo afectado. Una explotación exitosa podría permitir al atacante obtener archivos de registro que contienen datos confidenciales, incluidas las credenciales que se pueden usar para acceder a la API.