Cisco has published advisories for three vulnerabilities in Cisco Security Manager, a tool used to manage Cisco devices. The vulnerabilities were recently discovered and disclosed by security researcher Florian Hauser of Code White.
On November 16, Cisco published three advisories for Cisco Security Manager — a tool for monitoring and managing a variety of Cisco devices — including multiple critical vulnerabilities that could lead to remote code execution (RCE).
CVE-2020-27125 is a static credential vulnerability allowing an unauthenticated attacker to view the source code of a file and harvest credentials, which could be leveraged in further attacks. CVE-2020-27130 is a path traversal vulnerability that could allow an attacker to arbitrarily download and upload files to a vulnerable device by sending a specially crafted directory traversal request. CVE-2020-27131 covers multiple unauthenticated vulnerabilities in the Java deserialization function of Cisco Security Manager. Exploiting these vulnerabilities would require an attacker to send a malicious serialized Java object as part of a specially crafted request, resulting in arbitrary code execution with NT AUTHORITY\SYSTEM privileges.
These vulnerabilities are relatively easy to exploit, and the researcher who discovered them, Florian Hauser, has already publicly shared proofs-of-concept (PoCs). Hauser noted in a tweet that these vulnerabilities are “almost all directly giving RCE”, which presents multiple attack vectors that a threat actor could potentially exploit to take control of affected systems. Given the impact that exploitation of these vulnerabilities could have, and the fact that PoCs are available, it is imperative that organizations patch as soon as updates are released, as it’s inevitable that we will see in-the-wild attacks in the coming weeks, if not days.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides experts' comments, analysis and opinion on the latest Information Security news and topics.