Detections
Analytics

CVE-2020-27125

critical

Description

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks.

From the Tenable Blog

CVE-2020-27125, CVE-2020-27130, CVE-2020-27131: Pre-Authentication Vulnerabilities in Cisco Security Manager Disclosed
CVE-2020-27125, CVE-2020-27130, CVE-2020-27131: Pre-Authentication Vulnerabilities in Cisco Security Manager Disclosed

Published: 2020-11-17

Following the publication of proof-of-concept (PoC) code, Cisco released three advisories for multiple vulnerabilities silently patched in a recent update. Organizations should apply these patches immediately.

References

https://www.tenable.com/blog/cve-2020-27125-cve-2020-27130-cve-2020-27131-vulnerabilities-in-cisco-security-manager

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-rce-8gjUz9fW

Details

Source: Mitre, NVD

Published: 2020-11-17

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical