Cisco has hurried out a patch a day after proof-of-concept (PoC) exploit code was published for a critical flaw in Cisco Security Manager.
Cisco Security Manager:
Cisco Security Manager (CSM) is an enterprise security management application that provides visibility into, and control of, the Cisco security and network devices an organisation deploys: security appliances, intrusion prevention systems, firewalls, routers, switches and so on.
Below are the recently disclosed vulnerabilities affecting Cisco Security Manager:
- CVE-2020-27130 – Cisco Security Manager Path Traversal Vulnerability
- CVE-2020-27125 – Cisco Security Manager Java Deserialization Vulnerabilities
Cisco Security Manager Path Traversal Vulnerability – CVE-2020-27130
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information.
The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device.
An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device. No authentication is required, so any network that can reach the CSM management interface can reach the flaw.
Affected: Cisco Security Manager releases 4.21 and earlier.
Fixed in: Cisco Security Manager Release 4.22.
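The class of bug described above, "improper validation of directory traversal character sequences", usually means the server decided on the raw request string instead of on the file path it would actually open. The following is an added example, not Cisco's code and not the published PoC: it places a naive substring check beside a resolve-then-compare check, run over constructed request paths. The document root, the function names and the sample requests are assumptions made for the example.

```python
"""Path-traversal check for a file-serving request handler (added example, not Cisco's code).

Shows the naive substring check that encoded or backslash variants slip past,
next to a resolve-then-compare check that decides on the final filesystem path.
"""
import posixpath
from typing import Optional
from urllib.parse import unquote

WEB_ROOT = "/srv/app/static"  # assumed document root for this example


def naive_has_traversal(request_path: str) -> bool:
    """The weak check: looks for a literal '../' in the raw request."""
    return "../" in request_path


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Undo URL encoding repeatedly so %2e%2e and %252e%252e both become '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_under_root(root: str, request_path: str) -> Optional[str]:
    """Map a request path to a file under root; return None if it would escape.

    The decision is made on the normalised absolute path, not on the raw
    string, so encoding tricks and backslashes (relevant on a Windows host
    such as the one CSM runs on) cannot smuggle '..' past the check.
    """
    decoded = fully_decode(request_path).replace("\\", "/")
    if "\x00" in decoded:
        return None  # NUL-byte truncation tricks are rejected outright
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None


# Constructed sample requests (not taken from any published PoC).
SAMPLE_REQUESTS = [
    "/images/logo.png",
    "/../../../etc/passwd",
    "/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "/%252e%252e/%252e%252e/etc/passwd",
    "/..\\..\\windows\\win.ini",
    "/docs/../images/logo.png",
]


def triage(requests: list) -> dict:
    """For each request: (naive check flags it?, path the hardened check serves, or None)."""
    return {r: (naive_has_traversal(r), resolve_under_root(WEB_ROOT, r)) for r in requests}


if __name__ == "__main__":
    for req, (naive, resolved) in triage(SAMPLE_REQUESTS).items():
        print(f"{req:40} naive_flags={naive!s:5} serves={resolved}")
```

Two rows of the output are the interesting ones: the percent-encoded request is missed by the naive check but refused by the resolver, and `/docs/../images/logo.png` is flagged by the naive check even though it never leaves the root. Deciding on the resolved path gets both cases right.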
Cisco Security Manager Java Deserialization Vulnerabilities – CVE-2020-27125
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device.
These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software.
An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\SYSTEM on the Windows target host, that is, full control of the management server.
Affected: Cisco Security Manager releases 4.22 and earlier.
Fixed in: Cisco Security Manager Release 4.23.
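A "malicious serialized Java object sent to a listener" is recognisable on the wire before any deserializer runs: every Java object stream opens with the magic bytes AC ED 00 05, and each class it carries is announced by a TC_CLASSDESC record holding the class name. The following is an added example, not Cisco's code: it scans a captured payload for those records and applies an allow-list filter of the kind a hardened deserializer enforces. The allow list, the sample streams and the gadget class name used in them are constructed for the example; the gadget class is taken from a widely published Commons Collections chain and says nothing about what was actually used against CSM.

```python
"""Spotting Java serialized objects sent to a network listener (added example, not Cisco's code).

A Java object stream always starts with the magic bytes AC ED 00 05, and every
class it carries is announced by a TC_CLASSDESC record (0x72) followed by the
class name as a length-prefixed string. Scanning for those records gives a
cheap, protocol-agnostic way to see which classes a payload would instantiate
before any deserializer runs, and to reject anything outside an allow list.
"""
import re

JAVA_STREAM_MAGIC = b"\xac\xed\x00\x05"
TC_OBJECT = b"\x73"
TC_CLASSDESC = b"\x72"
SC_SERIALIZABLE = b"\x02"
CLASS_NAME_RE = re.compile(rb"[\[A-Za-z_$][A-Za-z0-9_$.;\[]*")

# Allow list: classes a listener legitimately expects (an assumption for this example;
# a real deployment would derive it from the application's actual message types).
ALLOWED_PREFIXES = ("java.lang.", "java.util.")


def java_class_names(payload: bytes) -> list:
    """Heuristically extract class names from a Java serialization stream.

    Returns [] for anything that does not carry the stream magic. The scan is
    deliberately tolerant: it does not parse the full grammar, it looks for
    TC_CLASSDESC records whose length-prefixed name looks like a Java class name.
    """
    if not payload.startswith(JAVA_STREAM_MAGIC):
        return []
    names = []
    pos = len(JAVA_STREAM_MAGIC)
    while (idx := payload.find(TC_CLASSDESC, pos)) != -1:
        pos = idx + 1
        length = int.from_bytes(payload[idx + 1:idx + 3], "big")
        name = payload[idx + 3:idx + 3 + length]
        if 3 <= length <= 256 and len(name) == length and CLASS_NAME_RE.fullmatch(name):
            names.append(name.decode("ascii"))
    return names


def inspect_payload(payload: bytes) -> tuple:
    """Return (accepted, rejected_classes) for a payload destined for a listener.

    Non-Java payloads pass through untouched; Java streams are accepted only if
    every class they name starts with an allowed prefix, mirroring the
    allow-list filter a hardened deserializer applies.
    """
    names = java_class_names(payload)
    rejected = [n for n in names if not n.startswith(ALLOWED_PREFIXES)]
    return (not rejected, rejected)


def _classdesc(name: bytes) -> bytes:
    """Build a minimal TC_CLASSDESC record: name, serialVersionUID, flags (sample data only)."""
    return TC_CLASSDESC + len(name).to_bytes(2, "big") + name + b"\x00" * 8 + SC_SERIALIZABLE


# Constructed sample streams (not captured from any real system).
BENIGN_STREAM = JAVA_STREAM_MAGIC + TC_OBJECT + _classdesc(b"java.util.HashMap") + b"\x00\x02"
# The gadget class below comes from a widely published Commons Collections chain;
# it stands in for "a malicious serialized object" here and does not describe
# the payload actually used against CSM.
GADGET_CLASS = b"org.apache.commons.collections.functors.InvokerTransformer"
MALICIOUS_STREAM = BENIGN_STREAM + TC_OBJECT + _classdesc(GADGET_CLASS) + b"\x00\x01"
NOT_JAVA = b"GET /index.html HTTP/1.1\r\n\r\n"

if __name__ == "__main__":
    for label, data in (("benign", BENIGN_STREAM), ("malicious", MALICIOUS_STREAM), ("http", NOT_JAVA)):
        print(label, inspect_payload(data))
```

The scanner is a triage tool, not a parser: it will list classes inside nested or chained objects that a full grammar walk would attribute differently, which is exactly what you want when deciding whether a blob is worth a closer look. The real fix is the allow list applied inside the deserializer itself (Java's ObjectInputFilter does this), because a network filter sees the stream only if it is not wrapped in another encoding.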
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about these vulnerabilities. Cisco PSIRT is not aware of any malicious use of the vulnerabilities described in its advisories.