Flaws leave Cisco devices exposed

Three vulnerabilities in Cisco Security Manager – a tool used to manage Cisco devices – have been unearthed.

Commenting on the flaws – discovered and disclosed by security researcher Florian Hauser of Code White – Rody Quinlan, security response manager, Tenable, said they included multiple critical vulnerabilities that could lead to remote code execution (RCE).

“CVE-2020-27125 is a static credential vulnerability allowing an unauthenticated attacker to view the source code of a file and harvest credentials, which could be leveraged in further attacks.

“CVE-2020-27130 is a path traversal vulnerability that could allow an attacker to arbitrarily download and upload files to a vulnerable device by sending a specially crafted directory traversal request.

“CVE-2020-27131 covers multiple unauthenticated vulnerabilities in the Java deserialisation function of Cisco Security Manager. Exploitation of this vulnerability would require an attacker to send a malicious serialised Java object as part of a specially crafted request, resulting in arbitrary code execution with NT Authority\SYSTEM privileges.

“These vulnerabilities are relatively easy to exploit,” Quinlan adds, “and the researcher who discovered them, Florian Hauser, has already publicly shared proofs-of-concept (PoCs). Hauser noted in a tweet that these vulnerabilities are ‘almost all directly giving RCE’, which presents multiple attack vectors that a threat actor could potentially exploit to take control of affected systems.

“Given the impact exploitation of these vulnerabilities could have, and the fact that PoCs are available, it is imperative organisations patch as soon as updates are released, as it’s inevitable that we will see in-the-wild attacks in the coming weeks, if not days,” he cautions.