CVE-2020-27125
published 2020-11-17CVE-2020-27125: A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The…
PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.71%
74.5th percentile
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_security_manager | — | — |
| cisco | security_manager | <= 4.21 | — |
| cisco | security_manager_static_credential | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Attacker can exploit by viewing source code of the application to obtain static credentials embedded in Cisco Security Manager ↗
- →PoC code for CVE-2020-27125 and related Cisco Security Manager vulnerabilities was publicly released on GitHub by Florian Hauser of Code White on November 16, 2020 ↗
- →CVE-2020-27125 is a static credential vulnerability; detection should focus on unauthenticated access attempts to Cisco Security Manager source files or configuration files that may expose hardcoded credentials ↗
- ·No workarounds are available for CVE-2020-27125; the only remediation is upgrading to Cisco Security Manager 4.22 or later ↗
- ·Cisco was not aware of exploitation in the wild at the time the advisories were published, but public PoC code was released prior to the advisory ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_cisco7.4HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco Security Manager Static Credential Vulnerability
vendor_cisco·2020-11-16·CVSS 7.4
CVE-2020-27125 [HIGH] CWE-20 Cisco Security Manager Static Credential Vulnerability
Cisco Security Manager Static Credential Vulnerability
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system.
The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-rce-8gjUz9fW
Cisco
Cisco Security Manager Static Credential Vulnerability
vendor_cisco·CVSS 3.1
CVE-2020-27125 Cisco Security Manager Static Credential Vulnerability
CVE-2020-27125: Cisco Security Manager Static Credential Vulnerability
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks. Cisco has released software updates that address this vulnerability. There are no
CVSS: 3.1
CWE: CWE-20, CWE-20
Bug IDs: CSCvu99938
GHSA
GHSA-85fm-24gx-qx9x: A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system
ghsa_unreviewed·2022-05-24
CVE-2020-27125 [CRITICAL] CWE-20 GHSA-85fm-24gx-qx9x: A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks.
No detection rules found.
No public exploits indexed.
2020-11-17
Published