Cisco Patches Critical Vulnerabilities amid Active Exploitation Attempts

The Cisco Smart Licensing Utility requires immediate update because active hackers currently exploit two crucial security vulnerabilities so Cisco released critical patches.

The Smart Licensing Utility of Cisco has received critical security updates to address reported active exploitation efforts since threat actors continue to present persistent cybersecurity risks. The two Cybersecurity issues CVE-2024-20439 and CVE-2024-20440 operate at the highest CVSS score of 9.8 providing attackers full administrative access and also let them access crucial log files. Cybersecurity experts indicate that these problems enable attackers to reveal a crucial authentication credentials which creates elevated unauthorized entry possibilities.

Research confirms the vulnerabilities were resolved in September 2024 and version 2.3.0 represents the newest secure release. SANS Internet Storm Center shows that threat actors started taking advantage of these vulnerabilities since March 2025. Researched by Johannes B. Ullrich from SANS Technology Institute indicates that malicious actors are exploiting another Cybersecurity vulnerability (CVE-2024-0305) found within Guangzhou Yingke Electronic Technology Ncast software.

Cybersecurity specialists recommend that organizations must immediately deploy the recent software updates because there is limited understanding of the attackers’ objectives. The protection of systems through regular updates operates as an essential measure to stop hackers from entering systems or stealing data.