Experts Reacted On The News That Vulnerabilities Discovered In Cisco Security Manager “Relatively Easy To Exploit”

By ISBuzz Team
Writer, Information Security Buzz | Nov 18, 2020 04:35 am PST

Cisco has published advisories for three vulnerabilities in Cisco Security Manager, a tool used to manage Cisco devices. The vulnerabilities were recently discovered and disclosed by security researcher Florian Hauser of Code White.

Rody Quinlan, Security Response Manager
November 18, 2020 12:39 pm

On November 16, Cisco published three advisories for Cisco Security Manager — a tool for monitoring and managing a variety of Cisco devices — including multiple critical vulnerabilities that could lead to remote code execution (RCE).

CVE-2020-27125 is a static credential vulnerability allowing an unauthenticated attacker to view the source code of a file and harvest credentials, which could be leveraged in further attacks. CVE-2020-27130 is a path traversal vulnerability that could allow an attacker to arbitrarily download and upload files to a vulnerable device by sending a specially crafted directory traversal request. CVE-2020-27131 covers multiple unauthenticated vulnerabilities in the Java deserialization function of Cisco Security Manager. Exploitation of this vulnerability would require an attacker to send a malicious serialized Java object as part of a specially crafted request, resulting in arbitrary code execution with NT Authority\SYSTEM privileges.

These vulnerabilities are relatively easy to exploit and the researcher who discovered them, Florian Hauser, has already publicly shared proofs-of-concept (PoCs). Hauser noted in a tweet that these vulnerabilities are “almost all directly giving RCE”, which presents multiple attack vectors that a threat actor could potentially exploit to take control of affected systems. Given the impact exploitation of these vulnerabilities could have, and the fact that PoCs are available, it is imperative organizations patch as soon as updates are released, as it’s inevitable that we will see in-the-wild attacks in the coming weeks, if not days.
