Cisco patches critical bug in its Security Manager

Networking giant Cisco has disclosed a critical security vulnerability in Cisco Security Manager that could allow an unauthenticated, remote attacker to gain access to sensitive information.

The company said it has released software updates that address this vulnerability and there are no workarounds that address this vulnerability.

“An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device,” the company warned in its latest security update.

“The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device”.

This vulnerability affects Cisco Security Manager release 4.21 and earlier.

Cisco said a total of three security vulnerabilities have been fixed in version 4.22 of Cisco Security Manager which was released last week.

The company published the advisory after Florian Hauser of security firm Code White, who reported the bugs to Cisco, published proof of concept (PoC) exploits for 12 vulnerabilities affecting Cisco Security Manager, reports ZDNet.

Another bug in Cisco Security Manager releases 4.21 and earlier, tracked as CVE-2020-27125, could allow attackers to view insufficiently protected static credentials on the affected software.

–IANS

Comments (0)
Add Comment