Eric Vance

**Name of the Vulnerable Software and Affected Versions** Cisco Smart License Utility (affected versions not specified) **Description** The issue is related to the disclosure of information through registration files. It is due to excessive verbosity in a debug log file, which could allow an unauthenticated, remote attacker to access sensitive information by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Smart Licensing Utility (affected versions not specified) **Description** An issue in the Cisco Smart Licensing Utility (CSLU) allows an unauthenticated, remote attacker to log into an affected system. This is caused by an undocumented static user credential for an administrative account. A successful exploit enables the attacker to gain administrative rights over the CSLU application API. The software is an electron application built on a REST API written in golang. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.