CVSS 9.1 – CWE-35

“A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information.

The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device.”

On the 16/11/2020 a POC for a range of CISCO device vulnerabilities was released on GitHub by https://twitter.com/frycos.

Recommendations

  • The recommendation is that organisations with these devices review the applicability and where required patch their systems.
  • Organisaitons should review their logs for indicators of compromise
  • Organisations should add indicators to monitoring and alerting (e.g. path traversal execution with http 200 responses)

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-path-trav-NgeRnqgR

https://www.tenable.com/blog/cve-2020-27125-cve-2020-27130-cve-2020-27131-vulnerabilities-in-cisco-security-manager

https://gist.github.com/Frycos/8bf5c125d720b3504b4f28a1126e509e

Leave a Reply

Your email address will not be published. Required fields are marked *