Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Cisco Patches Publicly Disclosed Vulnerabilities in Security Manager

Cisco this week released advisories for three serious vulnerabilities in Security Manager that already have proof-of-concept (PoC) exploit code available online.

Tracked as CVE-2020-27130 and featuring a CVSS score of 9.1, the first of the bugs is a critical-severity issue that could be abused to download arbitrary files from the affected device.

Cisco this week released advisories for three serious vulnerabilities in Security Manager that already have proof-of-concept (PoC) exploit code available online.

Tracked as CVE-2020-27130 and featuring a CVSS score of 9.1, the first of the bugs is a critical-severity issue that could be abused to download arbitrary files from the affected device.

Exploitable by a remote, unauthenticated attacker, the weakness exists because directory traversal character sequences within requests to a vulnerable device are not properly validated.

“An attacker could exploit this vulnerability by sending a crafted request to the affected device,” Cisco explains in its advisory.

Cisco says that there are no workarounds available for this vulnerability but that Cisco Security Manager 4.22 addresses is.

The software release also patches CVE-2020-27125, a high-severity flaw (CVSS score of 7.4) that could result in the leakage of sensitive data.

“The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks,” the company notes.

No workarounds are available for this vulnerability either and Cisco also notes that both issues have been publicly disclosed, although they do not appear to be exploited in malicious attacks.

Security researcher Florian Hauser was credited for both flaws, as well as for CVE-2020-27131 (CVSS score of 8.1), a bug that could lead to the remote execution of arbitrary commands, without authentication, but which hasn’t been addressed yet.

The issue, which Cisco refers to as a collection of vulnerabilities, exists because user-supplied content is insecurely deserialized.

“An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITYSYSTEM on the Windows target host,” Cisco’s advisory reads.

The company notes that no workaround exists for this bug either and plans on patching it with the release of Security Manager 4.23.

Last week, Hauser revealed on Twitter that he reported the vulnerabilities to Cisco in July, along with 9 other issues in Security Manager. He published PoC code for these issues after Cisco released version 4.22 of the affected software without mentioning the flaws.

“Several pre-auth vulnerabilities were submitted to Cisco on 2020-07-13 and (according to Cisco) patched in version 4.22 on 2020-11-10. Release notes didn’t state anything about the vulnerabilities, security advisories were not published. All payload are processed in the context of NT AUTHORITYSYSTEM,” the researcher notes on GitHub.

Last week, Cisco released patches for a high-severity vulnerability in IOS XR software for ASR 9000 series routers (CVE-2020-26070, CVSS score of 8.6). The bug exists because resources are not properly allocated during the processing of network traffic in software switching mode.

The issue affects ASR 9000 routers running IOS XR releases earlier than 6.7.2 or 7.1.2. No workarounds exist for this flaw, but information on it hasn’t been publicly disclosed before Cisco’s advisory, the company says.

Related: Cisco Patches 17 High-Severity Vulnerabilities in Security Appliances

Related: Cisco Acquires Kubernetes-Native Security Platform Portshift

Related: Cisco Patches Actively Exploited Flaws in Carrier-Grade Routers

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.