CVE-2020-27125

CWE-20Improper Input Validation5 documents5 sources
Severity
9.8CRITICAL
EPSS
1.1%
top 21.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Security ManagerCisco Cisco Security Manager
Timeline
PublishedNov 17
Latest updateMay 24

Description

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-85fm-24gx-qx9x: A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system2022-05-24
CVEList
Cisco Security Manager Static Credential Vulnerability2020-11-17

📋Vendor Advisories

1
Cisco
Cisco Security Manager Static Credential Vulnerability2020-11-16